Field | Value
---|---
Summary | app-text/sword: diatheke.pl Shell Command Injection Vulnerability
Product | Gentoo Security
Component | Vulnerabilities
Reporter | Luke Macken (RETIRED) <lewk>
Assignee | Gentoo Security <security>
Status | RESOLVED INVALID
Severity | major
Priority | High
CC | squinky86, taviso, vapier
Version | unspecified
Hardware | All
OS | All
URL | http://www.debian.org/security/2005/dsa-650
Whiteboard | C1 [] lewk
Package list |
Runtime testing required | ---

Description
Luke Macken (RETIRED)
Created attachment 49105
sword-1.5.8-diatheke.patch
Patch ported from Debian's 1.5.3 patch.
We are quite a few versions ahead of Debian's on this one, but it looks like our code is still vulnerable. squinky86, please verify/apply.

solar/vapier: we could try applying this patch ourselves, as squinky isn't answering.

Gentoo doesn't include the diatheke.pl script in the package, so I don't think we are vulnerable to this bug. Incidentally, in Debian's patch it looks like $range is never escaped, so this could still be exploited by searching for the range ";command;" or similar :)

taviso: good catch. I verified that the patch applied and not that we didn't ship the diatheke.pl CGI. Note that Debian doesn't ship a version that includes the "range" operator so they are in fact unaffected by that remaining vulnerability.
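
The point raised in the thread about `$range`, as an added example that is not part of the bug report, the attached patch or diatheke.pl itself: escaping parameters one by one leaves a hole whenever one is missed, while passing them as separate argv elements removes the shell from the path entirely. The parameter names other than `range`, the `-b`/`-r`/`-k` option letters, the allowed character set and the echoing stand-in child are assumptions made for this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed request parameters; range carries the kind of value
# mentioned in the thread.
my %param = (
    version => 'KJV',
    verse   => 'love',
    range   => 'Gen;command;',
);

# Before: one string that would be handed to /bin/sh. Built here only
# to show what the shell would be asked to parse; it is never executed.
sub shell_string {
    my ($p) = @_;
    return "diatheke -b $p->{version} -r $p->{range} -k $p->{verse}";
}

# Allow-list for a range such as "Gen-Exo" or "Matt 5:1-7:29".
# The permitted character set is an assumption for this example.
sub valid_range {
    my ($r) = @_;
    return $r =~ /\A[A-Za-z0-9 :,.\-]{1,64}\z/ ? 1 : 0;
}

# After: list-form pipe open execs the program directly, so every
# parameter is exactly one argv element and no shell parses it.
# $prog is an array ref naming the program; the demo below passes a
# child that echoes its arguments so this runs without diatheke.
sub run_argv {
    my ($prog, $p) = @_;
    open(my $fh, '-|', @$prog, '-b', $p->{version},
         '-r', $p->{range}, '-k', $p->{verse})
        or die "cannot exec $prog->[0]: $!";
    local $/;                       # slurp the child's whole output
    my $out = <$fh>;
    close($fh);
    return $out;
}

# Stand-in child: this perl, printing its argv joined with "|".
my @echo_child = ($^X, '-e', 'print join("|", @ARGV)', '--');
print "shell would parse: ", shell_string(\%param), "\n";
print "argv received:     ", run_argv(\@echo_child, \%param), "\n";
print "range accepted:    ", (valid_range($param{range}) ? "yes" : "no"), "\n";
```

The list form keeps the semicolons inside a single argument, and the allow-list rejects the value before any process is started.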