Public bug reported:

File : /usr/share/perl5/dialog.pl
Line 25, 42, 62, 77 : system("dialog --title \"$title\" --textbox $file $height $width");

The perl script "dialog.pl" uses the system() command. So shell code in a path and/or file name could be executed.

For example like in this perl demo script:

    require "dialog.pl";
    rhs_textbox("Demo",";xeyes;#.txt","100","100");

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: dialog 1.2-20130928-1
ProcVersionSignature: Ubuntu 3.19.0-32.37~14.04.1-generic 3.19.8-ckt7
Uname: Linux 3.19.0-32-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3.21
Architecture: amd64
CurrentDesktop: X-Cinnamon
Date: Sat Jul 2 15:44:59 2016
InstallationDate: Installed on 2016-06-18 (14 days ago)
InstallationMedia: Linux Mint 17.3 "Rosa" - Release amd64 20151128
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: dialog
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: dialog (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug rosa

https://bugs.launchpad.net/bugs/1598438

Title:
  dialog.pl allows to inject shell code
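
The usual remedy for the pattern reported above is the list form of system(), which hands the arguments straight to execvp() instead of to /bin/sh. The following is an added example, not code from dialog.pl or from the bug report; textbox_argv and safe_textbox are hypothetical names, and the numeric check and the leading '-' handling are additional assumptions about what a caller would want.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Build the argument vector for dialog's --textbox widget.
# textbox_argv is a hypothetical helper, not part of dialog.pl.
sub textbox_argv {
    my ($title, $file, $height, $width) = @_;
    for my $n ($height, $width) {
        die "height/width must be non-negative integers\n"
            unless defined $n && $n =~ /\A[0-9]+\z/;
    }
    # A file name starting with '-' could be parsed by dialog as an option,
    # so anchor it as a relative path (assumption: the caller means a file).
    $file = "./$file" if $file =~ /\A-/;
    return ('dialog', '--title', $title, '--textbox', $file, $height, $width);
}

# Hardened replacement for the interpolated system("dialog ... $file ...").
# The "system { PROGRAM } LIST" form never invokes a shell, so ';', '#',
# backticks, '$(...)' and quotes in $title or $file stay plain bytes
# inside a single argument.
sub safe_textbox {
    my @argv = textbox_argv(@_);
    my $rc = system { $argv[0] } @argv;
    return -1 if $rc == -1;    # dialog could not be started at all
    return $? >> 8;            # dialog's own exit status
}

# Constructed self-check that does not need dialog installed: a child perl
# ($^X) prints each argument it receives, one per line, in brackets. The
# file name from the report arrives as one argument and nothing is run.
my @argv = textbox_argv('Demo', ';xeyes;#.txt', '100', '100');
my @echo = ($^X, '-e', 'print "[$_]\n" for @ARGV', '--', @argv);
system { $echo[0] } @echo;
```

Passing the same values through a single interpolated string, as on the lines cited in the report, is what lets the shell split the file name at ';'.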