-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------

PACKAGE : gv
SUMMARY : Execution of Arbitrary Shell Commands
DATE    : 2002-10-03 10:00 UTC

- - --------------------------------------------------------------------

OVERVIEW

GV can be tricked into executing arbitrary shell commands.

DETAIL

When GV detects that the document is either a PDF file or a
gzip-compressed file, it runs external commands through the system()
function. The command strings it builds contain the filename, which
must be treated as untrusted input: system() hands the whole string to
/bin/sh, so any shell metacharacters in the filename are interpreted
as part of the command line. It is therefore possible to distribute a
file with a carefully chosen filename (one that can even look innocent)
that causes arbitrary shell commands to be executed when the file is
opened with GV.

Read the original advisory at
http://www.epita.fr/~bevand_m/asa/asa-0000
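
The following is an added illustration, not code from gv or from the
advisory: a stand-in for the pattern described above (an untrusted
filename spliced into a shell command line and handed to the shell via
popen(), which like system() runs /bin/sh -c) next to the fix that never
involves a shell at all. "cat" stands in for whatever decompressor or
converter gv invoked, the hostile filename is constructed for the demo,
and the function names are assumptions for illustration.

```c
/* Added example (not gv's code): untrusted filename on a shell command
 * line vs. the same filename passed as a single argv element. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Read up to n-1 bytes of a child's stdout from fd into buf and
 * NUL-terminate it; returns the number of bytes read. */
static size_t slurp(int fd, char *buf, size_t n)
{
    size_t total = 0;
    ssize_t got;
    while (total < n - 1 &&
           (got = read(fd, buf + total, n - 1 - total)) > 0)
        total += (size_t)got;
    buf[total] = '\0';
    return total;
}

/* UNSAFE: mirrors the bug.  The filename becomes part of a command line
 * that /bin/sh parses, so ';', '|', '`', '$(...)' and friends inside the
 * name are executed.  "2>/dev/null" only silences cat's own complaint
 * about a missing file.  Returns 1 if the child's output contains
 * marker, 0 if not, -1 on error. */
int unsafe_open_prints(const char *filename, const char *marker)
{
    char cmd[1024];
    char out[4096];
    int n = snprintf(cmd, sizeof cmd, "cat 2>/dev/null %s", filename);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    FILE *p = popen(cmd, "r");      /* popen(): /bin/sh -c cmd, as system() does */
    if (p == NULL)
        return -1;
    size_t len = fread(out, 1, sizeof out - 1, p);
    out[len] = '\0';
    pclose(p);
    return strstr(out, marker) != NULL;
}

/* SAFE: fork + exec with an argv array.  No shell ever sees the name,
 * so it is exactly one argument naming exactly one file; "--" keeps a
 * name starting with '-' from being read as an option.  Same return
 * convention as above. */
int safe_open_prints(const char *filename, const char *marker)
{
    int fds[2];
    char out[4096];
    if (pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int devnull = open("/dev/null", O_WRONLY);
        dup2(fds[1], STDOUT_FILENO);
        if (devnull >= 0)
            dup2(devnull, STDERR_FILENO);
        close(fds[0]);
        close(fds[1]);
        execlp("cat", "cat", "--", filename, (char *)NULL);
        _exit(127);                 /* exec failed: nothing was run */
    }
    close(fds[1]);
    slurp(fds[0], out, sizeof out);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return strstr(out, marker) != NULL;
}

int main(void)
{
    /* Constructed hostile filename: reads like a document name but
     * carries a second command after the ';'. */
    const char *hostile = "report.pdf; echo INJECTED";
    printf("shell path ran the payload: %d\n",
           unsafe_open_prints(hostile, "INJECTED"));   /* -> 1 */
    printf("exec path ran the payload:  %d\n",
           safe_open_prints(hostile, "INJECTED"));     /* -> 0 */
    return 0;
}
```

The same argv discipline applies to any helper a viewer spawns (a
decompressor, a PDF-to-PostScript converter); the fix is structural,
not a blacklist of characters, because a filename can carry newlines,
backticks and quotes that a filter is likely to miss.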

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/gv-3.58-r1 and earlier update their systems
as follows:

    emerge rsync
    emerge gv
    emerge clean

- - --------------------------------------------------------------------
aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9nBYTfT7nyhUpoZMRAs5iAKCQDEFd64NlXMqKZ7zs5BYCdbjQLACdFCV9
ANLj7Y54vnJdkfPxzuNmfuE=
=0AGQ
-----END PGP SIGNATURE-----