Package: syscp
Severity: important
Version: 1.4.2.1-1
Tags: security
Hi,
I just found the following incorrect usage of escapeshellcmd, when
escapeshellarg is needed:
/usr/share/syscp/lib/class_apsinstaller.php:
$Return = safe_exec('php ' . escapeshellcmd($this->RealPath . $this->DomainPath . '/install_scripts/configure install'), $ReturnStatus);
/usr/share/syscp/scripts/cron_tasks.inc.dns.10.bind.php:
safe_exec('openssl genrsa -out ' . escapeshellcmd($privkey_filename) . ' 1024');
/usr/share/syscp/scripts/cron_tasks.inc.dns.10.bind.php:
safe_exec("chmod 0640 " . escapeshellcmd($privkey_filename));
/usr/share/syscp/scripts/cron_tasks.inc.dns.10.bind.php:
safe_exec('openssl rsa -in ' . escapeshellcmd($privkey_filename) . ' -pubout -outform pem -out ' . escapeshellcmd($pubkey_filename));
/usr/share/syscp/scripts/cron_tasks.inc.dns.10.bind.php:
safe_exec("chmod 0664 " . escapeshellcmd($pubkey_filename));
/usr/share/syscp/scripts/cron_tasks.inc.dns.10.bind.php:
safe_exec("chmod 0640 " . escapeshellcmd($privkey_filename));
/usr/share/syscp/scripts/cron_tasks.inc.dns.10.bind.php:
safe_exec("chmod 0664 " . escapeshellcmd($pubkey_filename));
Using 'important' as severity and tagging as 'security' until it is verified
that the input of escapeshellcmd() comes from a trusted source and not from
the user.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
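The distinction the report rests on, as an added example (not part of the bug report or of syscp's code): escapeshellcmd() neutralises shell metacharacters in a whole command string but leaves whitespace alone, so a single value passed through it can still be split into several arguments, whereas escapeshellarg() delivers exactly one argv element. The file name below is a constructed value; printf stands in for openssl so the argument split is visible without running it.

```php
<?php
// Added example, not syscp's code. Shows how the shell tokenizes the same
// file name after escapeshellcmd() versus escapeshellarg().

/**
 * Return the argv elements the shell hands to a program when $escapedArg
 * is spliced into the command line the way the report's calls do it.
 * printf replaces the real program: each argument prints on its own line.
 */
function shellWords(string $escapedArg): array
{
    exec("printf '[%s]\\n' " . $escapedArg . ' 1024', $out);
    return $out;
}

// Constructed value: a path containing a space.
$privkey_filename = '/var/lib/example/my key.pem';
$pubkey_filename  = '/var/lib/example/my key.pub';

// escapeshellcmd() does not escape the space, so '-out' receives only the
// first half of the path and the rest becomes a separate positional argument.
echo "escapeshellcmd: ", implode(' ', shellWords(escapeshellcmd($privkey_filename))), "\n";

// escapeshellarg() wraps the value in single quotes: one argument, as intended.
echo "escapeshellarg: ", implode(' ', shellWords(escapeshellarg($privkey_filename))), "\n";

// The corrected form of the report's openssl call: every interpolated value
// is quoted as a single argument. safe_exec() is syscp's own wrapper; the
// plain command string is shown here.
$fixed = 'openssl rsa -in ' . escapeshellarg($privkey_filename)
       . ' -pubout -outform pem -out ' . escapeshellarg($pubkey_filename);
echo $fixed, "\n";

// Caveat: escapeshellarg() keeps the value intact but does not stop the
// program itself from reading a value that begins with '-' as an option, so
// paths that can be influenced by users still need validation (or should be
// generated server-side, as key file names normally are).
```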