Date: Thu, 27 Nov 2014 00:25:09 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: jack@...ezen.org
Subject: CVE request: Canto Feed URL Parsing Command Line Injection

Can I get a 2013 CVE for the Canto feed URL parsing command line injection vulnerability, thanks.

Project website: http://codezen.org/canto-ng/
Affected versions: All versions prior to v0.9.0
Debian version affected: 0.7.10-4

Canto was later removed from Debian. Versions 0.7.10-4 (wheezy) and 0.7.9-1 (squeeze) are not affected by this payload.

Upstream fix: https://github.com/themoken/canto-curses/commit/2817869f98c54975f31e2dd674c1aefa70749cca

PoCs attached from the original advisory email.

OSVDB: http://osvdb.org/101335

Reported in Debian BTS https://bugs.debian.org/731582 by <the_walrus_88@...lymail.net>. Quoting the mail:

"""
I have just found a command line injection security vuln in canto. The program fetches feeds from configured sites, and the feeds contain URLs that people may want to visit. If a user starts canto and chooses to go to one URL from one feed, canto constructs a sh command line to visit the URL, but it doesn't remove metachars. Therefore a malicious feed (owner turned bad, man in the middle attack if fetched with http) can put in bad data in all link and guid elements of the feed and use this to hack the user when they visit some of the URLs. Not good.

See my conf.py and evil.rss files for an example.

Sorry for my English!
"""

In case someone finds more issues you can contact the developer via: http://codezen.org/canto-ng/contact-bugs/

---
Henri Salo

Attachments: evil.rss (application/x-rss+xml, 1526 bytes), conf.py (text/x-python, 75 bytes), signature.asc (application/pgp-signature, 199 bytes)
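The bug class the quoted mail describes, shown as an added example that is not canto's code and not the attached evil.rss or conf.py: feed `<link>` values are untrusted text, and pasting them into a string that `sh -c` parses lets shell metacharacters change the command. The block parses a constructed feed, flags links that carry metacharacters, and contrasts the vulnerable string-building pattern with two defensive ones (an argv list with no shell, and `shlex.quote` when a shell template is unavoidable). The browser name, the `SHELL_META` set and the sample feed are assumptions for the demonstration.

```python
import shlex
import subprocess
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed (not the advisory's evil.rss). The first link is an
# ordinary one whose query string contains '&'; the second carries a ';' and
# spaces; the third uses a scheme a browser launcher should never accept.
SAMPLE_FEED = """<rss version="2.0"><channel><title>demo</title>
<item><title>ok</title><link>http://example.com/post?id=1&amp;lang=en</link></item>
<item><title>bad</title><link>http://example.com/x; echo injected</link></item>
<item><title>scheme</title><link>file:///etc/passwd</link></item>
</channel></rss>"""

# Characters that sh treats specially when parsing a command line (assumed set
# for the example; adequate to flag the feed above, not a complete grammar).
SHELL_META = set(";&|`$<>(){}\\\"'\n ")


def feed_links(xml_text):
    """Return the text of every <item><link> in an RSS 2.0 document."""
    root = ET.fromstring(xml_text)
    return [item.findtext("link") or "" for item in root.iter("item")]


def unsafe_command(browser, url):
    """Vulnerable pattern: the raw URL becomes part of a string handed to sh.
    Even the benign first link breaks here, because '&' backgrounds the job."""
    return "%s %s" % (browser, url)


def suspicious(url):
    """Detection helper: does this link contain any shell metacharacter?"""
    return any(ch in SHELL_META for ch in url)


def safe_argv(browser, url):
    """Hardened form: validate the scheme, then pass the URL as one argv
    element so no shell ever parses it (use with subprocess list form)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("refusing non-http(s) link: %r" % url)
    return [browser, url]


def shell_safe_command(browser, url):
    """If a user-configured shell template cannot be avoided, quote the URL
    so metacharacters reach the browser as literal text."""
    return "%s %s" % (browser, shlex.quote(url))


def open_link(browser, url):
    """Launch the browser without a shell; raises on disallowed schemes."""
    return subprocess.Popen(safe_argv(browser, url))


if __name__ == "__main__":
    for link in feed_links(SAMPLE_FEED):
        print("%-45s meta=%s" % (link, suspicious(link)))
        print("  unsafe :", unsafe_command("firefox", link))
        print("  quoted :", shell_safe_command("firefox", link))
        try:
            print("  argv   :", safe_argv("firefox", link))
        except ValueError as exc:
            print("  argv   : rejected (%s)" % exc)
```

The argv-list form is the one to prefer: it removes the shell from the path entirely, so the question of which characters need escaping never arises. The `suspicious()` check is useful as a log or alert signal on fetched feeds, not as the sole defence, since the metacharacter set varies by shell.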