oss-sec mailing list archives

CVE Request: lshell: shell outbreak vulnerabilities via bad syntax parse and multiline commands


From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 22 Aug 2016 21:54:35 +0200

Hi

Two shell outbreak vulnerabilities for lshell, a shell coded in Python,
that is intended to restrict a user's environment to only a limited
set of commands.

1/ Shell outbreak due to bad syntax parse
   - https://github.com/ghantoos/lshell/issues/147
   - https://bugs.debian.org/834949

2/ Shell outbreak with multiline commands
   - https://github.com/ghantoos/lshell/issues/149
   - Fix: https://github.com/ghantoos/lshell/commit/e72dfcd1f258193f9aaea3591ecbdaed207661a0
   - https://bugs.debian.org/834946

Could you please assign two CVEs for those lshell issues?

Regards,
Salvatore

