oss-sec mailing list archives

CVE id request: comix

From: Nico Golde <oss-security+ml () ngolde de>
Date: Mon, 31 Mar 2008 15:40:37 +0200

Hi,
comix is vulnerable to arbitrary code execution via crafted 
file names.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840

I confirmed this using comix\"\;echo\ owned\>bla\;ls\ \"
as a simple reroducer.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

CVE id request: comix Nico Golde (Mar 31)
- Re: CVE id request: comix Steven M. Christey (Mar 31)