Package: tightvncserver
Version: 1.3.9-6.4
Severity: normal

Dear Maintainer,

examples/vnc.conf.gz lists "It is perl syntax, but only variable assignment is allowed". Actually arbitrary code execution is allowed with a classic SQL ';' exploitation technique, which I figured out how to take advantage of to add a new option when starting the server.

$tmp_local="ignore";push(@ARGV,'-dpi 96');print "after $Config_file, args; @ARGV\n";

Or something like this works.

$tmp_local="ignore";exit(1);

I'm not sure how much this matters because the file will either be an administrator owned file or the user owned file. Or the documentation could be updated: "The perl interpreter 'eval' is used and must contain a variable assignment." Still, there should be a better way to pass additional options to the vnc server from the config file.

-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.9.0+ (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/dash

Versions of packages tightvncserver depends on:
ii  libc6           2.13-38
ii  libjpeg62       6b1-3
ii  libx11-6        2:1.5.0-1+deb7u1
ii  libxext6        2:1.3.1-2+deb7u1
ii  perl            5.14.2-21
ii  x11-common      1:7.7+3~deb7u1
ii  xbase-clients   1:7.7+3~deb7u1
ii  xserver-common  2:1.12.4-6
ii  zlib1g          1:1.2.7.dfsg-13

Versions of packages tightvncserver recommends:
ii  xfonts-base     1:1.0.3

Versions of packages tightvncserver suggests:
pn  tightvnc-java   <none>
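The mitigation the report points at is to stop handing the config file to eval and instead enforce the documented "only variable assignment" rule. The reader below is an added example, not code from the tightvncserver package or from the reporter; the parse_vnc_conf helper, its accepted value forms and the sample file are assumptions.

```perl
#!/usr/bin/perl
# Added example: strict reader for a "variable assignment only" config file.
# A chained statement after ';' (as in the bug report) is rejected as a whole
# line rather than being executed, because nothing here is ever eval'd.
use strict;
use warnings;

# Accept exactly one scalar assignment per line, e.g.
#   $geometry = "1024x768";   $depth = 24;   $name = 'value';
# Everything else (extra statements after ';', calls, @ARGV, ...) is rejected.
my $ASSIGN = qr{
    ^\s*
    \$([A-Za-z_]\w*)                      # variable name
    \s*=\s*
    (?:"([^"\\]*)"|'([^'\\]*)'|(-?\d+))   # "..." | '...' | integer
    \s*;\s*
    (?:\#.*)?$                            # optional trailing comment only
}x;

# Parse config text; returns (\%vars, \@errors). Never evaluates the input.
sub parse_vnc_conf {
    my ($text) = @_;
    my (%vars, @errors);
    my $lineno = 0;
    for my $line (split /\n/, $text) {
        $lineno++;
        next if $line =~ /^\s*(\#.*)?$/;   # blank line or comment
        if ($line =~ $ASSIGN) {
            my $name  = $1;
            my $value = defined $2 ? $2 : defined $3 ? $3 : $4;
            $vars{$name} = $value;
        } else {
            push @errors, "line $lineno: not a simple assignment, ignored";
        }
    }
    return (\%vars, \@errors);
}

# Constructed sample: two legitimate settings and one line with a second
# statement chained after the assignment (the pattern from the report).
my $sample = <<'EOF';
# vnc.conf (constructed sample)
$geometry = "1024x768";
$depth = 24;
$tmp_local="ignore";exit(1);
EOF

my ($vars, $errors) = parse_vnc_conf($sample);
print "$_ = $vars->{$_}\n" for sort keys %$vars;   # geometry, depth
print "$_\n" for @$errors;                          # line 4 rejected, no exit
```

A script that adopts this reader would copy the returned hash into its own settings rather than relying on eval to create the globals.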