210754 CVE-2008-0932 2008-02-19 20:46 0000 app-text/sword <1.5.8-r2 shell command injection (CVE-2008-0932) 2008-03-03 21:33:40 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/29012/ B1 [glsa] P2 major --- 1 py@gentoo.org security@gentoo.org theology@gentoo.org py@gentoo.org 2008-02-19 20:46:45 0000 A vulnerability has been discovered in SWORD, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an input sanitation error in diatheke.pl and can be exploited to inject and execute arbitrary shell commands via a specially crafted "range" parameter. This is related to: SA13897 The vulnerability is confirmed in version 1.5.10 and reported in version 1.5.9. Other versions may also be affected. Solution: Filter malicious characters and character sequences in a web proxy. Provided and/or discovered by: Reported via a Debian bug report by Dan Dennison. Original Advisory: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449 py@gentoo.org 2008-02-19 21:23:04 0000 Created an attachment (id=144014) shell_escape for the range parameter here's the patch, courtesy of Debian.theology herd, please bump. py@gentoo.org 2008-02-19 21:25:16 0000 bah, forgot to set status, sorry fot the bugspam. beandog@gentoo.org 2008-02-20 04:04:42 0000 Fixed versions in CVS: 1.5.8-r2, 1.5.9-r2, 1.5.10-r2 jaervosz@gentoo.org 2008-02-20 08:16:57 0000 Thx Steve for the quick fix. Arches please test and mark stable. Target keywords are: sword-1.5.8-r2.ebuild:KEYWORDS="amd64 ppc x86" fauli@gentoo.org 2008-02-20 08:53:31 0000 You shall not make wrongful use of the functions of your program....sorry, could not resist. x86 stable welp@gentoo.org 2008-02-21 18:51:24 0000 amd64 done dertobi123@gentoo.org 2008-02-22 14:23:24 0000 ppc stable pva@gentoo.org 2008-02-24 20:38:02 0000 Fixed in release snapshot. rbu@gentoo.org 2008-02-26 22:44:41 0000 CVE-2008-0932 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0932): diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an unspecified parameter. py@gentoo.org 2008-03-03 21:33:40 0000 GLSA 200803-06 144014 2008-02-19 21:23 0000 shell_escape for the range parameter sword_escape_range.patch text/plain Ky0tLSBzd29yZC0xLjUuOS5vcmlnL3V0aWxpdGllcy9kaWF0aGVrZS9jZ2kvZGlhdGhla2UucGwg ICAgICAgIDIwMDgtMDItMTggMjI6MTA6MDkuMDAwMDAwMDAwICswMDAwCisrKysgc3dvcmQtMS41 LjkvdXRpbGl0aWVzL2RpYXRoZWtlL2NnaS9kaWF0aGVrZS5wbCAgICAgMjAwOC0wMi0xOCAyMjoz MDoyNS4wMDAwMDAwMDAgKzAwMDAKK0BAIC0xMTAsOCArMTEwLDcgQEAKKyAgICAgICAgICAgJHJh bmdlID0gJG15ZGF0YTsKKyAgICAgICAgICAgJHJhbmdlID1+IHRyLysvIC87CisgICAgICAgICAg ICRyYW5nZSA9fiBzLyUoW2EtZkEtRjAtOV1bYS1mQS1GMC05XSkvcGFjaygiQyIsIGhleCgkMSkp L2VnOworLSAgICAgICAgICAkcmFuZ2UgPSAiLXIgXCIkcmFuZ2VcIiI7CistICAgICAgICAgICAg JHJhbmdlID0gc2hlbGxfZXNjYXBlKCRyYW5nZSk7CisrICAgICAgICAgICRyYW5nZSA9ICItciAn IiAuIHNoZWxsX2VzY2FwZSgkcmFuZ2UpIC4gIiciOworICAgICAgIH0KKworICAgICAgIGVsc2lm ICgkdmFybmFtZSBlcSAic3Ryb25ncyIpIHsK