gufw-developers team mailing list archive
-
gufw-developers team
-
Mailing list archive
-
Message #01809
[Bug 1410839] [NEW] Shell Command injection in ufw_backend.py
*** This bug is a security vulnerability ***
Private security bug reported:
Firewall Administrators can be tricked by someone to export a profile
with Gufw to an special crafted file or path name wich contains shell
code.
reason is this line in ufw_backend.py :
def export_profile(self, profile, file):
commands.getstatusoutput('cp /etc/gufw/' + profile + '.profile ' + file + ' ; chmod 777 ' + file)
The rename and delete funktions are also unsave if profile name contains
shell code, like semicolons.
** Affects: gui-ufw
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Gufw
Developers, which is subscribed to Gufw.
https://bugs.launchpad.net/bugs/1410839
Title:
Shell Command injection in ufw_backend.py
Status in Gufw:
New
Bug description:
Firewall Administrators can be tricked by someone to export a profile
with Gufw to an special crafted file or path name wich contains shell
code.
reason is this line in ufw_backend.py :
def export_profile(self, profile, file):
commands.getstatusoutput('cp /etc/gufw/' + profile + '.profile ' + file + ' ; chmod 777 ' + file)
The rename and delete funktions are also unsave if profile name
contains shell code, like semicolons.
To manage notifications about this bug go to:
https://bugs.launchpad.net/gui-ufw/+bug/1410839/+subscriptions
Follow ups
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Mathew Hodson, 2016-04-24
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Mathew Hodson, 2015-11-02
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Mathew Hodson, 2015-11-02
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Brian Murray, 2015-10-08
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-10-03
-
[Bug 1410839] [gui-ufw/vivid] verification still needed
From: Ubuntu Foundations Team Bug Bot, 2015-09-30
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Chris J Arges, 2015-07-01
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Launchpad Bug Tracker, 2015-06-04
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-21
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-21
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-21
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-21
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-21
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-20
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-19
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-19
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-19
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-18
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-18
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-18
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Ubuntu Foundations Team Bug Bot, 2015-01-18
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: Bernd Dietzel, 2015-01-17
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-16
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-16
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: costales, 2015-01-15
-
[Bug 1410839] Re: Shell Command injection in ufw_backend.py
From: L-ubuntuone1104, 2015-01-15
-
Re: [Bug 1410839] [NEW] Shell Command injection in ufw_backend.py
From: costales, 2015-01-14
-
[Bug 1410839] [NEW] Shell Command injection in ufw_backend.py
From: L-ubuntuone1104, 2015-01-14
References