First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 268163
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Alex Legler <a3li@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 268163 depends on: Show dependency tree
Bug 268163 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2009-05-01 20:14 0000 
CVE-2009-1440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1440):
  Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule
  2.2.4 allows remote attackers to conduct argument injection attacks
  into a command for mplayer via a crafted filename.

------- Comment #1 From Stefan Behte 2009-05-06 22:14:42 0000 ------- 
From the debian bug:

   src/DownloadListCtrl.cpp does the following (code edited for
clarification):

command = wxT("xterm -T \"aMule Preview\" -iconic -e mplayer '$file'");
[...]
wxString rawFileName = file->GetFullName().GetRaw();
command.Replace(wxT("$file"), rawFileName);
[...]
wxExecute(command, wxEXEC_ASYNC, p);

   Although file->GetFullName() is sanitised by removing :/<> and
probably other characters, the single tick (') is neither filtered
away nor escaped. Thus it is possible to craft a file name that
passes remotely defined arguments to the video player.

Sounds like more than B3. Unfortunately, there does not seem to be patch,
yet...

------- Comment #2 From Patrick Lauer 2009-05-24 18:38:53 0000 ------- 
+  24 May 2009; Patrick Lauer <patrick@gentoo.org> +amule-2.2.5.ebuild:         
+  Bump to 2.2.5, fixes #270060  

2.2.5 seems to fix this issue according to upstream.

------- Comment #3 From Robert Buchholz 2009-07-17 09:43:01 0000 ------- 
Arches, please test and mark stable:
=net-p2p/amule-2.2.5
Target keywords : "alpha amd64 hppa ppc ppc64 x86"

------- Comment #4 From Jeroen Roovers 2009-07-18 14:49:16 0000 ------- 
Stable for HPPA.

------- Comment #5 From Tobias Klausmann 2009-07-19 16:34:48 0000 ------- 
Stable on alpha.

------- Comment #6 From nixnut 2009-07-19 18:40:22 0000 ------- 
ppc stable

------- Comment #7 From Raúl Porcel 2009-07-20 14:23:53 0000 ------- 
x86 stable

------- Comment #8 From Brent Baude 2009-07-26 12:43:08 0000 ------- 
ppc64 done

------- Comment #9 From Markus Meier 2009-07-27 22:08:35 0000 ------- 
amd64 stable, all arches done.

------- Comment #10 From Alex Legler 2009-09-09 13:34:15 0000 ------- 
GLSA 200909-06

------- Comment #11 From Alexander Bezrukov 2009-10-25 12:13:10 0000 ------- 
According to aMule Changelog (http://wiki.amule.org/index.php/Changelog_2.2.6),
this security issue is "really fixed" in 2.2.6, which is now masked. Sorry, if
I create unnecessary noise but I believe this deserves attention.
First Last Prev Next    No search results available      Search page      Enter new bug