Public bug reported:

File : /usr/share/perl5/dialog.pl

Lines 25, 42, 62, 77:
system("dialog --title \"$title\" --textbox $file $height $width");

The perl script "dialog.pl" uses the system() command.
So shell code in a path and/or file name could be executed.

For example, as in this Perl demo script:

require "dialog.pl"; 
rhs_textbox("Demo",";xeyes;#.txt","100","100");

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: dialog 1.2-20130928-1
ProcVersionSignature: Ubuntu 3.19.0-32.37~14.04.1-generic 3.19.8-ckt7
Uname: Linux 3.19.0-32-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3.21
Architecture: amd64
CurrentDesktop: X-Cinnamon
Date: Sat Jul  2 15:44:59 2016
InstallationDate: Installed on 2016-06-18 (14 days ago)
InstallationMedia: Linux Mint 17.3 "Rosa" - Release amd64 20151128
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: dialog
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: dialog (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug rosa

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1598438

Title:
  dialog.pl allows to inject shell code

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dialog/+bug/1598438/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
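
An added example, not part of the original report or of dialog.pl: the same call written with list-form system(), so the file name from the report's demo script reaches the program as a single argument and no shell parses it. The helper names textbox_argv and run_list are hypothetical, and a Perl one-liner stands in for dialog so the script runs without dialog installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical replacement for the string-building in rhs_textbox():
# return an argument vector instead of a shell command line.
sub textbox_argv {
    my ($title, $file, $height, $width) = @_;
    # Height and width must be plain integers; reject anything else.
    for my $n ($height, $width) {
        die "not an integer: $n\n" unless $n =~ /\A[0-9]+\z/;
    }
    return ('dialog', '--title', $title, '--textbox', $file, $height, $width);
}

# Run a command in list form. Perl executes the program directly, so no
# shell interprets quotes, ';' or '#'. Returns the child's exit code.
sub run_list {
    my @argv = @_;
    my $rc = system { $argv[0] } @argv;
    die "cannot run $argv[0]: $!\n" if $rc == -1;
    return $rc >> 8;
}

# Constructed input: the file name used in the report's demo script.
my @argv = textbox_argv('Demo', ';xeyes;#.txt', '100', '100');

# What the single-string system() call hands to /bin/sh (printed, not run):
print qq{string form: dialog --title "Demo" --textbox ;xeyes;#.txt 100 100\n};

# Stand-in child (this Perl interpreter, not dialog) that prints each
# argument it receives, to show the file name arrives as one argument.
my $echo = 'printf "argv[%d] = <%s>\n", $_, $ARGV[$_] for 0 .. $#ARGV';
run_list($^X, '-e', $echo, @argv[1 .. $#argv]);

# With dialog installed, the real call would be: run_list(@argv);
```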
