A vulnerability has been discovered in SWORD, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input sanitation error in diatheke.pl and can be exploited to inject and execute arbitrary shell commands via a specially crafted "range" parameter.

This is related to: SA13897

The vulnerability is confirmed in version 1.5.10 and reported in version 1.5.9. Other versions may also be affected.

Solution: Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by: Reported via a Debian bug report by Dan Dennison.

Original Advisory: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449
Created attachment 144014: shell_escape for the range parameter

Here's the patch, courtesy of Debian.
theology herd, please bump.
bah, forgot to set status, sorry for the bugspam.
Fixed versions in CVS: 1.5.8-r2, 1.5.9-r2, 1.5.10-r2
Thx Steve for the quick fix. Arches please test and mark stable. Target keywords are:
sword-1.5.8-r2.ebuild:KEYWORDS="amd64 ppc x86"
You shall not make wrongful use of the functions of your program....sorry, could not resist. x86 stable
amd64 done
ppc stable
Fixed in release snapshot.
CVE-2008-0932 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0932): diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an unspecified parameter.
GLSA 200803-06
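
The bug class in the advisory above (a CGI "range" parameter reaching a shell) from the defender's side, as an added example that is neither SWORD's diatheke.pl nor the Debian patch: instead of shell-escaping, it allowlists the value and runs the backend with list-form `open`, so no shell ever parses it. The backend stand-in, the `-r`/`-k` argument layout, the allowlist and the sample inputs are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added illustration, not SWORD's diatheke.pl or the shell_escape patch.
# Only the parameter name "range" comes from the advisory; everything else
# here (backend, flags, allowlist) is assumed for the example.
use strict;
use warnings;

# Hypothetical backend: a harmless stand-in that prints each argument it
# receives. "--" stops perl's own switch parsing so "-r" lands in @ARGV.
my @BACKEND = ($^X, '-e', 'print "arg: $_\n" for @ARGV', '--');

# Allowlist for a verse range such as "Matt-John" or "Gen 1:1-2:3":
# letters, digits, space, colon, comma, period, hyphen, bounded length.
# \A and \z anchor the whole string; "$" would let a trailing newline pass.
sub valid_range {
    my ($range) = @_;
    return defined $range && $range =~ /\A[A-Za-z0-9 :,.\-]{1,64}\z/;
}

# Run the backend with the range as a single argv element. The list form
# of open '-|' executes the program directly, so shell metacharacters in
# the value would be inert even if validation were bypassed.
sub run_search {
    my ($range, $key) = @_;
    die "rejected range parameter\n" unless valid_range($range);
    open(my $out, '-|', @BACKEND, '-r', $range, '-k', $key)
        or die "cannot start backend: $!\n";
    local $/;                       # slurp all backend output at once
    my $text = <$out>;
    close($out) or die "backend failed: $?\n";
    return $text;
}

# Constructed sample inputs: two plausible ranges, then values carrying
# shell metacharacters or a newline, which the allowlist refuses.
for my $range ('Matt-John', 'Gen 1:1-2:3', 'Gen; id', 'Gen`id`', "Gen\nExod", '$(id)') {
    my $result = eval { run_search($range, 'grace') };
    if (defined $result) {
        print "accepted [$range]\n$result";
    } else {
        (my $shown = $range) =~ s/[^[:print:]]/?/g;   # keep log lines single-line
        print "rejected [$shown]\n";
    }
}
```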