New submission from Bernd Dietzel: https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1514183
File : /usr/lib/python2.7/distutils/command/bdist_rpm.py
Line 358 : This line in the code uses the deprecated os.popen command, should be replaced with subprocess.Popen() :

out = os.popen(q_cmd)

Exploit demo :
============
1) Download the setup.py script which I attached
2) Create a test folder and put the setup.py script in this folder
3) cd to the test folder
4) python setup.py bdist_rpm
5) An xmessage window pops up as a proof of concept

----------
components: Distutils
files: setup.py
messages: 254670
nosy: TheRegRunner, dstufft, eric.araujo
priority: normal
severity: normal
status: open
title: distutils : file "bdist_rpm.py" allows Shell injection in "name
type: security
versions: Python 2.7
Added file: http://bugs.python.org/file41043/setup.py

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25627>
_______________________________________
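The quoting problem behind the report, as an added example that is neither the tracker's nor CPython's code: printf stands in for the rpm query so that each argument the child receives shows up as one output line, the package name is a constructed one with an embedded single quote, and the argv-list form is the subprocess replacement the report asks for. The name check at the end is an assumed, conservative rule added as defence in depth, not something the report proposes.

```python
import os
import re
import subprocess

# Constructed stand-in for bdist_rpm's "rpm -q --qf ... --specfile '<path>'"
# query: printf '%s\n' prints every argument it receives on its own line, so
# the number of lines reveals how many arguments the spec path turned into.


def spec_path_for(name, spec_dir="dist"):
    """Mirror how bdist_rpm derives the .spec path from the package name."""
    return os.path.join(spec_dir, "%s.spec" % name)


def query_vulnerable(name):
    """Original pattern: a command string built with %-formatting and handed
    to the shell (os.popen, or subprocess with shell=True, behave the same).
    A name containing a single quote closes the quoted path early, so the
    rest of the name is parsed by the shell instead of being part of the path.
    """
    q_cmd = r"printf '%%s\n' '%s'" % spec_path_for(name)
    out = subprocess.check_output(q_cmd, shell=True)
    return out.decode().splitlines()


def query_fixed(name):
    """Hardened pattern: an argv list and no shell, so the path reaches the
    child as exactly one argument whatever characters it contains."""
    argv = ["printf", "%s\\n", spec_path_for(name)]
    out = subprocess.check_output(argv)
    return out.decode().splitlines()


# Assumed rule: a name an RPM can actually carry needs no quotes, spaces or
# shell metacharacters, so anything outside this set is rejected up front.
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def is_sane_name(name):
    """Defence in depth on top of the no-shell fix; never a substitute for it."""
    return bool(_NAME_RE.match(name))


if __name__ == "__main__":
    name = "pkg' 'extra"  # constructed name with an embedded quote
    print(query_vulnerable(name))  # two arguments: ['dist/pkg', 'extra.spec']
    print(query_fixed(name))       # one argument: ["dist/pkg' 'extra.spec"]
    print(is_sane_name(name))      # False
```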