Comment 0 for bug 1514183
Revision history for this message
| Bernd Dietzel (l-ubuntuone1104) wrote distutils : filebdist_rpm.py allows Shell injection in "name" | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)
File :
/usr/lib/
Line 358 :
This line in the code uses the depreached os.popen command, should be replaced with supbprocess.Popen() :
out = os.popen(q_cmd)
Exploit demo :
============
1) Download the setup.py script wich i attached
2) Create a test folder an put the setup.py script in this folder
3) cd to the test folder
4) python setup.py bdist_rpm
5) A xmessage window pops up as a proof of concept
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: libpython2.7-stdlib 2.7.10-4ubuntu1
ProcVersionSign
Uname: Linux 4.2.0-17-generic x86_64
NonfreeKernelMo
ApportVersion: 2.19.1-0ubuntu4
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Nov 8 13:47:34 2015
InstallationDate: Installed on 2015-10-22 (16 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
SourcePackage: python2.7
UpgradeStatus: No upgrade log present (probably fresh install)