A vulnerability has been discovered in SWORD, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by an input sanitization error in diatheke.pl and can be exploited to inject and execute arbitrary shell commands via a specially crafted "range" parameter.
This is related to:
The vulnerability is confirmed in version 1.5.10 and reported in version 1.5.9. Other versions may also be affected.
Filter malicious characters and character sequences in a web proxy.
Provided and/or discovered by:
Reported via a Debian bug report by Dan Dennison.
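The injection path described in the advisory above, shown as an added example (not code from diatheke.pl or from the Debian patch): an interpolated command string next to a validated, shell-free invocation. The backend command, the `-r` placement and the allowed character set are assumptions made for illustration; `/bin/echo` stands in for the real backend so the script runs on any Unix system.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: placeholder backend command; /bin/echo stands in for the
# program the CGI script would run.
my @BACKEND = ('/bin/echo', 'lookup');

# Allowlist for a verse range such as "John 3:16-18, 4:1".
# Only letters, digits, space, '.', ',', ':' and '-' are accepted, which
# excludes every shell metacharacter (; | & ` $ ( ) < > \ quotes, newline).
# \z (not $) is used so a trailing newline cannot slip through.
sub valid_range {
    my ($range) = @_;
    return 0 unless defined($range) && length($range) && length($range) <= 128;
    return $range =~ /\A[A-Za-z0-9 .,:\-]+\z/ ? 1 : 0;
}

# Unsafe pattern: one interpolated string that would be handed to /bin/sh.
# The string is returned, not executed, to show what the shell would parse.
sub unsafe_command_string {
    my ($range) = @_;
    return "$BACKEND[0] $BACKEND[1] -r $range";
}

# Hardened pattern: validate first, then use the list form of a pipe open,
# which execs the program directly with each element as one argv entry.
sub safe_lookup {
    my ($range) = @_;
    return (0, "rejected range\n") unless valid_range($range);
    open(my $out, '-|', @BACKEND, '-r', $range)
        or return (0, "exec failed: $!\n");
    local $/;                      # slurp the whole output
    my $text = <$out>;
    close $out;
    return (1, $text);
}

# Constructed sample inputs.
for my $range ('John 3:16-18', 'Gen 1:1; echo injected', 'Ps 23 `uname`', "Rom 8:1\n-x") {
    (my $shown = $range) =~ s/\n/\\n/g;
    print "input:     '$shown'\n";
    print "sh string: ", unsafe_command_string($shown), "\n";
    my ($ok, $result) = safe_lookup($range);
    print "hardened:  $result";
}
```

Only the first input reaches the backend; the other three are rejected before any process is started, and even an accepted value is passed as a single argument rather than parsed by a shell.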
Created attachment 144014
shell_escape for the range parameter
here's the patch, courtesy of Debian. theology herd, please bump.
bah, forgot to set status, sorry for the bugspam.
Fixed versions in CVS: 1.5.8-r2, 1.5.9-r2, 1.5.10-r2
Thx Steve for the quick fix.
Arches please test and mark stable. Target keywords are:
sword-1.5.8-r2.ebuild:KEYWORDS="amd64 ppc x86"
You shall not make wrongful use of the functions of your program....sorry, could not resist. x86 stable
Fixed in release snapshot.
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote
attackers to execute arbitrary commands via shell metacharacters in an