Home page logo

bugtraq logo Bugtraq mailing list archives

evil little dictionary
From: Pavel Machek <pavel () ucw cz>
Date: Fri, 26 Jun 2009 20:24:44 +0200

Subject: stardict broadcasts clipboard context over network
Package: stardict
Version: 3.0.1-4.1
Justification: user security hole
Severity: grave
Tags: security

*** Please type your report below this line ***

In default config "enable net dict" is selected, it attempts to grab
clipboard and sends it over network... Unfortunately, not nearly all
data in clipboard are meant for translation, and some may be pretty

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.30 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash

Versions of packages stardict depends on:
ii  stardict-gnome                3.0.1-4.1  International dictionary

stardict recommends no packages.

stardict suggests no packages.

-- no debconf information

(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

  By Date           By Thread  

Current thread:
  • evil little dictionary Pavel Machek (Jun 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]