Package: reportbug
Version: 3.31
Severity: grave
Tags: security
Justification: user security hole

sys.path = [os.curdir, '/usr/share/reportbug'] + sys.path

To "exploit":

$ echo 'raise "FOO"' > token.py
$ reportbug
Traceback (most recent call last):
  File "/usr/bin/reportbug", line 39, in ?
    import optparse, re, os, pwd, time, locale, commands, checkversions
  File "/usr/lib/python2.4/optparse.py", line 73, in ?
    from gettext import gettext as _
  File "/usr/lib/python2.4/gettext.py", line 49, in ?
    import locale, copy, os, re, struct, sys
  File "/usr/lib/python2.4/copy.py", line 65, in ?
    import inspect
  File "/usr/lib/python2.4/inspect.py", line 31, in ?
    import sys, os, types, string, re, dis, imp, tokenize, linecache
  File "/usr/lib/python2.4/tokenize.py", line 30, in ?
    from token import *
  File "./token.py", line 1, in ?
    raise "FOO"
FOO
-- Package-specific info:
** Environment settings:
EDITOR="vim"
EMAIL="Thomas Arendsen Hein <[EMAIL PROTECTED]>"
** /home/thomas/.reportbugrc:
mutt
email "[EMAIL PROTECTED]"
realname "Thomas Arendsen Hein"
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24.3-id1-k8-2
Locale: LANG=en_US, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages reportbug depends on:
ii python 2.4.4-2 An interactive high-level object-o
ii python-central 0.5.12 register and build utility for Pyt
Versions of packages reportbug recommends:
pn python-cjkcodecs | python-ico <none> (no description available)
-- no debconf information
--
[EMAIL PROTECTED] - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Osnabrueck - Register: Amtsgericht Osnabrueck, HR B 18998
Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
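
Added example, not part of the original report and not reportbug's own code: a Python 3 check that flags search-path entries which depend on the working directory (such as the os.curdir entry quoted above) and lists the files in a directory that would be imported in place of a module found elsewhere on the path. The function names, the third path entry and the sample files are constructed for illustration.

```python
import os
import sys
import tempfile
from importlib.machinery import PathFinder


def unsafe_entries(path, cwd=None):
    """Return the entries of `path` that depend on the working directory."""
    cwd = os.path.realpath(cwd or os.getcwd())
    # '' and os.curdir ('.') mean "wherever the user happens to be"; any
    # other relative entry, or an absolute one equal to cwd, behaves the same.
    return [p for p in path
            if not os.path.isabs(p) or os.path.realpath(p) == cwd]


def hardened(path, cwd=None):
    """The same search path with the working-directory entries removed."""
    bad = unsafe_entries(path, cwd)
    return [p for p in path if p not in bad]


def shadowing_files(directory, trusted_path):
    """List *.py files in `directory` whose module name also resolves on
    `trusted_path`: these win the import if `directory` is searched first."""
    hits = []
    for name in sorted(os.listdir(directory)):
        stem, ext = os.path.splitext(name)
        if ext == ".py" and stem.isidentifier() \
                and PathFinder.find_spec(stem, trusted_path) is not None:
            hits.append(name)
    return hits


def demo():
    # Constructed sample modelled on the sys.path line quoted in the report.
    reported = [os.curdir, "/usr/share/reportbug", "/usr/lib/python2.4"]
    with tempfile.TemporaryDirectory() as workdir:
        for fname in ("token.py", "zz_local_notes.py"):  # constructed files
            with open(os.path.join(workdir, fname), "w") as fh:
                fh.write("# placeholder\n")
        trusted = hardened(sys.path, cwd=workdir)
        return (unsafe_entries(reported), hardened(reported),
                shadowing_files(workdir, trusted))


if __name__ == "__main__":
    print(demo())
```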