oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: ack-grep: potential remote code execution via per-project .ackrc files

From: cve-assign () mitre org
Date: Wed, 11 Dec 2013 23:49:57 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This verison of ack prevents the --pager, --regex and --output
options from being used from project-level ackrc files.  It is
possible to execute malicious code with these options


Use CVE-2013-7069.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSqT/wAAoJEKllVAevmvms2mUH+gMG97hD1ieJnU8eDSBz2jTP
ZOy+PH/QzLcaSEtFrPG7ge9SfY8sowGGpTQPPyMI08zAdWZNlPCKzi/Y0Od0tohv
dxkXwUoluY/KGvpoUD1doVGf49mGNTfP7x/KxIdYQn/0aMTOQ9uf95QA640AV3k9
kKTdUiCBs3pvQ0yT//euC0nQMEUC+cWzs6DvDtckAyGc2Dn53MLTSlL2jx3fkrvj
JM/kDaWB3yebdF0anDbrnq6lDSo+XfoTie4XQgHU+AMCopVYYXryipK2xt95DKtW
SwXZnBMjeWtcQMV1i0E5awL5GFEkA20sUMBcc/aDadQMGuBTcL9dn/lzhPvEy8E=
=7136
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: