Date: Mon, 4 Sep 2017 14:41:07 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2017-1000083: evince: Command injection
 vulnerability in CBT handler

> > This can be exploited by creating a tar archive with an embedded file
> > named something
> > like this: "--checkpoint-action=exec=bash -c 'touch ~/covfefe.evince;'.jpg"
> > 
> > (Make sure evince is not sandboxed by apparmor before trying to reproduce
> > the attached POC)
> 
> Not sure if the list ate the attachment, but I don’t see it available. Perhaps a link to it somewhere else would be of use?

Sebastian Krahmer of SUSE recreated one that starts xeyes.

https://bugzilla.suse.com/show_bug.cgi?id=1046856

	( attachment link https://bugzilla.suse.com/attachment.cgi?id=739314 ) 

Ciao, Marcus
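
An added example, not part of the original message or of evince's code: a defensive check that lists members of a tar-based comic book archive whose names begin with "-", since such a name is parsed as an option if it is passed to tar on a command line, plus an argv that ends option parsing with "--". The function names and the sample member names are assumptions constructed for illustration.

```python
import io
import tarfile


def build_sample_cbt(names):
    """Build an in-memory tar archive (constructed sample) with the given member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"placeholder image bytes"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def option_like_members(archive_bytes):
    """Return member names that a command-line tool would treat as options."""
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            # A leading "-" is what turns a file name into an option
            # when the name is placed on tar's command line unguarded.
            if member.name.startswith("-"):
                flagged.append(member.name)
    return flagged


def safe_argv(tar_path, member_name):
    """argv that extracts one member to stdout; "--" ends option parsing."""
    return ["tar", "-xOf", tar_path, "--", member_name]


if __name__ == "__main__":
    # Constructed, benign names; the second and third only look like options.
    sample = build_sample_cbt(
        ["page01.jpg", "--example-option=value.jpg", "-x.png"]
    )
    for name in option_like_members(sample):
        print("option-like member name:", repr(name))
        print("guarded argv:", safe_argv("comic.cbt", name))
```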
