Public bug reported:
Binary package hint: psfontmgr
/usr/bin/defoma-psfont-installer have command injection bug .
test case :
emanuel@emanuel-desktop:/tmp$ touch "123" "123';echo Systeminj;echo '1" #
select that file in next command
emanuel@emanuel-desktop:/tmp$ /usr/bin/defoma-psfont-installer
Systeminj
No font gets registered.
the bug can be found at :
system("/bin/cat '$ppdfile' | /usr/bin/tr '\\r' '\\n' > $tempfile");
** Affects: defoma (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/782209
Title:
command injection in defoma-psfont-installer
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
