[Bug 1483037] Re: Possible Shell Command Injection in daemon

2018-09-17 Thread Alex Murray
** Changed in: unity-scope-audacious (Ubuntu) Status: New => Confirmed ** Changed in: unity-scope-clementine (Ubuntu) Status: New => Confirmed ** Changed in: unity-scope-gmusicbrowser (Ubuntu) Status: New => Confirmed ** Changed in: unity-scope-gourmet (Ubuntu)

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2016-05-17 Thread Seth Arnold
I haven't tested it but the patch looks like a vast improvement. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1483037 Title: Possible Shell Command Injection in daemon To manage

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2016-05-17 Thread Bernd Dietzel
OK, check this new patch for the audacious scope. - No injections - Multiple Tracks - Database issues ** Attachment added: "new audacious patch - multiple tracks + database"

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2016-05-16 Thread Seth Arnold
Bernd, all those look like different errors. I just meant that the line: "database = open(dbfile, "r")" doesn't have a corresponding line to close the file once it's done.

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2016-05-16 Thread Bernd Dietzel
@Seth, your comment 17: I had a look at the audacious db-file access: for collection in os.listdir(AUDACIOUS_DBFILE): dbfile = '%s/%s' % (AUDACIOUS_DBFILE, collection) database = open(dbfile, "r") database = database.read() if not

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2016-05-15 Thread Bernd Dietzel
New patch for unity_audacious_daemon.py with better handling of multiple tracks ** Attachment added: "audacious patch - multiple tracks"

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2016-02-10 Thread Tyler Hicks
Hi David - Can you take a look at Seth's feedback in comment 17 and then update your patches accordingly? Thanks!

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2016-01-01 Thread Bernd Dietzel
For a Shotwell Scope SQL injection demo, I attached a screenshot. Code can be injected with a file name in the function getPhotoForUri. Demonstration: a) rename some picture like this xx " UNION SELECT

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-12-20 Thread Bernd Dietzel
@David shotwell, firefoxbookmarks, chromiumbookmarks and zotero scopes may be checked for SQL injections, too. Example: some code of the shotwell scope: sql='select * from PhotoTable where filename = \"'+filename+'\"'
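The shotwell line quoted above splices the filename straight into the SQL text. The following added example (not code from the scopes or from anyone in this thread) contrasts that pattern with a parameterized query against a constructed in-memory sqlite3 table shaped like the PhotoTable the scope queries; the table name, column names and sample filenames are assumptions for illustration. A filename that merely contains a double quote is enough to break the spliced query, while the bound parameter handles it as plain data.

```python
import sqlite3

# Constructed sample data (not Shotwell's real schema): a PhotoTable-like table
# with one filename that legitimately contains a double quote.
SAMPLE_ROWS = [
    (1, "/home/user/Pictures/beach.jpg"),
    (2, '/home/user/Pictures/say "cheese".jpg'),
]


def make_db():
    """Build an in-memory database holding SAMPLE_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PhotoTable (id INTEGER PRIMARY KEY, filename TEXT)")
    conn.executemany("INSERT INTO PhotoTable VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def get_photo_unsafe(conn, filename):
    """The pattern from the scope: the filename becomes part of the SQL text,
    so any quote character inside it changes the structure of the statement."""
    sql = 'select * from PhotoTable where filename = "' + filename + '"'
    return conn.execute(sql).fetchall()


def get_photo_safe(conn, filename):
    """Hardened form: the filename is passed as a bound parameter and is never
    parsed by the SQL engine, whatever characters it contains."""
    sql = "select * from PhotoTable where filename = ?"
    return conn.execute(sql, (filename,)).fetchall()


def unsafe_query_fails(conn, filename):
    """True when the spliced query cannot even be parsed for this filename."""
    try:
        get_photo_unsafe(conn, filename)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    for _, name in SAMPLE_ROWS:
        print(repr(name), "safe ->", get_photo_safe(db, name),
              "| spliced query breaks:", unsafe_query_fails(db, name))
```

The same `?` placeholder approach applies to the other scopes named in this message; the general rule is that user- or file-derived values never go into the statement text.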

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-12-19 Thread Bernd Dietzel
My new Clementine patch. I had a look at the other patches to fix the SQL injections. Fixed the UTF-8 decoding crash with try and except. Hope it works. Please test. ** Attachment added: "clementine patch , Shell Injections + SQL Injections + UTF8 Crash"

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-11-25 Thread Seth Arnold
The clementine patch appears to address the shell injection but does not address UTF-8 crashes nor SQL injections. The gourmet patch appears to address the SQL injection but does not address the predictable /tmp/ filenames, potential cross-site scripting issues due to use of unquoted HTML, and

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-11-16 Thread David Callé
** Patch added: "Patch for Guayadeque scope" https://bugs.launchpad.net/ubuntu/+source/unity-scope-audacious/+bug/1483037/+attachment/4520006/+files/unity-scope-guayadeque.patch

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-11-15 Thread David Callé
** Patch added: "Patch for Audacious scope" https://bugs.launchpad.net/ubuntu/+source/unity-scope-audacious/+bug/1483037/+attachment/4519724/+files/unity-scope-audacious.patch

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-11-15 Thread David Callé
** Patch added: "Patch for gMusicBrowser" https://bugs.launchpad.net/ubuntu/+source/unity-scope-audacious/+bug/1483037/+attachment/4519728/+files/unity-scope-gmusicbrowser.patch

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-11-15 Thread Bernd Dietzel
@David Did you notice that the albumtracks are a list and not a simple string? Have a look at my "Better patch for unity_clementine_daemon.py" in comment #10

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-11-15 Thread David Callé
** Patch added: "Patch for Musique scope" https://bugs.launchpad.net/ubuntu/+source/unity-scope-audacious/+bug/1483037/+attachment/4519752/+files/unity-scope-musique.patch

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-10-29 Thread David Callé
** Patch added: "Patch for Gourmet SQL injection" https://bugs.launchpad.net/ubuntu/+source/unity-scope-gmusicbrowser/+bug/1483037/+attachment/4508319/+files/unity-scope-gourmet.patch

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-10-23 Thread Bernd Dietzel
Better patch attached for the Clementine unity scope Python script. 1) I use subprocess.Popen() this time instead of the simple subprocess.call() before. 2) Should now handle albumtracks in a better way because it's a list of strings. 3) Clementine now gives you an error message on playing a

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-10-22 Thread Bernd Dietzel
I attached a patch for unity_clementine_daemon.py which should solve the problem using subprocess ** Patch added: "unity_clementine_daemon_patch.diff" https://bugs.launchpad.net/ubuntu/+source/unity-scope-clementine/+bug/1483037/+attachment/4502656/+files/unity_clementine_daemon_patch.diff

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-10-22 Thread Ubuntu Foundations Team Bug Bot
The attachment "unity_clementine_daemon_patch.diff" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-08-31 Thread Seth Arnold
All these tools used unsafe APIs and need drastic re-working regardless of specific database mitigations. Thanks

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-08-30 Thread Bernd Dietzel
Whether the shell command can be injected seems to depend only on how the music players store their data. The Gmusicbrowser Unity Scope seems to be lucky because the gmusicbrowser player changes special chars in the name before it stores it in its database. The Audacious Scope and Clementine Scope are
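This message and the Clementine patch notes further up (subprocess.Popen() instead of a concatenated command, albumtracks being a list of strings) describe the fix in prose. The following added example is not any of the attached patches and not code from the scopes; the player command, the sample track names and the helper names are assumptions. It builds one argv entry per track and hands the list to subprocess.Popen() without a shell, so a track title that happens to contain shell metacharacters reaches the child process as a literal string. To keep the demonstration self-contained it launches a tiny Python child that reports the arguments it received instead of a real media player.

```python
import subprocess
import sys

# Constructed sample: album tracks as the scope receives them, a list of
# strings rather than one string. The second title contains characters a
# shell would interpret; passed as argv they are just part of a filename.
SAMPLE_TRACKS = [
    "/music/01 - Intro.mp3",
    "/music/02 - Song; with $(odd) name.mp3",
]


def shell_command_string(player, tracks):
    """The pattern the bug report is about: track names concatenated into one
    command line that a shell would then parse. Returned, never executed."""
    return player + " " + " ".join(tracks)


def build_argv(player_argv, tracks):
    """Hardened form: one argv element per track, no concatenation and no
    quoting needed, because no shell is involved. Accepts a single string
    too, since albumtracks may arrive either way."""
    if isinstance(tracks, str):
        tracks = [tracks]
    return list(player_argv) + list(tracks)


# Stand-in for a media player (assumption): a Python child that prints each
# argument it received on its own line.
ECHO_ARGV = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]


def launch(player_argv, tracks, capture=False):
    """Start the player via Popen with an argument list (shell=False)."""
    argv = build_argv(player_argv, tracks)
    stdout = subprocess.PIPE if capture else None
    return subprocess.Popen(argv, stdout=stdout, text=True)


def received_arguments(tracks):
    """Run the stand-in player and return the arguments it actually saw."""
    proc = launch(ECHO_ARGV, tracks, capture=True)
    out, _ = proc.communicate()
    return out.splitlines()


if __name__ == "__main__":
    print("concatenated command a shell would parse:")
    print("  " + shell_command_string("clementine", SAMPLE_TRACKS))
    print("arguments delivered via argv list:")
    for arg in received_arguments(SAMPLE_TRACKS):
        print("  " + repr(arg))
```

With an argv list, the player-side handling of special characters that this message describes for gmusicbrowser no longer matters for the scope: nothing between the database and the child process interprets the string.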

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-08-18 Thread David Callé
** Also affects: unity-scope-audacious (Ubuntu) Importance: Undecided Status: New ** Also affects: unity-scope-clementine (Ubuntu) Importance: Undecided Status: New ** Also affects: unity-scope-guayadeque (Ubuntu) Importance: Undecided Status: New ** Also affects:

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-08-14 Thread Bernd Dietzel
Exploit demo video (German) https://www.youtube.com/watch?v=JrP7B6CIOMQ

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-08-14 Thread Seth Arnold
Bernd, thank you for this report and excellent demonstrations. More to come later.

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-08-10 Thread Bernd Dietzel
I attached a Clementine Scope exploit screenshot demo ** Attachment added: exploid scope clementine https://bugs.launchpad.net/ubuntu/+source/unity-scope-gmusicbrowser/+bug/1483037/+attachment/4442436/+files/Clementine%20Scope%20Exploid%20Screenshot.png

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-08-09 Thread Bernd Dietzel
** Summary changed: - Possible Shell Comand Injection in deamon + Possible Shell Command Injection in daemon

[Bug 1483037] Re: Possible Shell Command Injection in daemon

2015-08-09 Thread Phillip Sz
** Information type changed from Public to Public Security