[Pkg-xfce-devel] Bug#437454: CVE-2007-3770: execute arbitrary commands via crafted links using "Open Link" functionality

Darren Salt linux at youmustbejoking.demon.co.uk
Sun Aug 12 15:58:37 UTC 2007


Package: xfce4-terminal
Version: 0.2.5.6rc1-2
Severity: grave
Tags: security, patch

CVE-2007-3770 says:
  The terminal_helper_execute function in terminal/terminal.c in Xfce
  Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary
  commands via shell metacharacters in a crafted link, as demonstrated using
  the "Open Link" functionality.

Upstream link: http://bugzilla.xfce.org/show_bug.cgi?id=3383

The attached patch fixes this: the code changes add shell quoting, using
g_shell_quote(), and the *.desktop.in files are modified to avoid
over-quoting (without this, we'd get "'foo'" instead of 'foo').

-- 
| Darren Salt    | linux or ds at              | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
| + Use more efficient products. Use less.          BE MORE ENERGY EFFICIENT.

Confucius say: He who post large binary, get flamed.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 01_CVE-2007-3770.patch
Type: application/octet-stream
Size: 6713 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20070812/5375bde0/attachment.obj 


More information about the Pkg-xfce-devel mailing list