- Package: debian-goodies
- Source: debian-goodies
- Submitter: Jakub Wilk
- Date: 2023-02-25 17:03:08 UTC
- Severity: normal
- Tags:
This code

    return=`$cmd --title "Select a file ($status:$package)" --menu '' $y $x $h $manpages 2>&1 1>&3`

is vulnerable to option injection. For dialog(1), the --trace option
could be abused to append (partially-)attacker-controlled text to
arbitrary files.
I've attached a PoC exploit that tries to append malicious code to
/home/alice/.bash_logout.
* Jakub Wilk <jwilk@jwilk.net>, 2023-02-25 17:51: https://github.com/jwilk/crafted.deb/blob/master/gen-deb1031938-debmany
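
The defensive side of the option injection reported above, as an added example (not code from debmany or from the bug report): it splits a list the way the unquoted $manpages expansion does, flags every word the menu program would parse as an option, and rewrites such words into plain operands. The helper names, the sample list and the assumption that the words are relative file names are hypothetical.

```shell
#!/bin/sh
# Added example, not debmany's code. Helper names are hypothetical.

# Print each word of "$1" that a command would parse as an option, using the
# same field splitting an unquoted $manpages expansion performs.
# Exit status is 0 if at least one such word exists, 1 otherwise.
option_like_words() (
    set -f                      # split on whitespace only, no globbing
    found=1
    for word in $1; do
        case $word in
            -*) printf '%s\n' "$word"; found=0 ;;
        esac
    done
    [ "$found" -eq 0 ]
)

# Print the words one per line, rewriting option-like ones so they can only
# be read as operands. Assumes the words are relative file names, for which
# a leading "./" names the same file.
neutralize_words() (
    set -f
    for word in $1; do
        case $word in
            -*) printf './%s\n' "$word" ;;
            *)  printf '%s\n' "$word" ;;
        esac
    done
)

# Constructed sample: tag/item pairs for a menu, with one tag that came from
# an untrusted package listing.
sample='man1/foo.1.gz foo --trace x man1/bar.1.gz bar'

if bad=$(option_like_words "$sample"); then
    printf 'option-like entries found: %s\n' "$bad" >&2
fi
neutralize_words "$sample"
```

Both helpers run in a subshell, so the `set -f` they need for safe splitting does not leak into the calling script.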