This is certainly a bug, but kdesudo is just a wrapper around sudo.
While it does expand the arguments incorrectly, this isn't exploitable
short of tricking someone to run kdesudo on a huge weird-looking
commandline that would just fail anyway since glibc would block any use
of %n. Unflagged as security.
** This bug is no longer flagged as a security vulnerability
** Changed in: kdesudo (Ubuntu)
Importance: Medium => Low
** Changed in: kdesudo (Ubuntu)
Status: New => Triaged
--
kdesudo crashed with SIGSEGV in strlen()
https://bugs.launchpad.net/bugs/281877
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
