Red Hat Bugzilla – Bug 1040228
CVE-2013-7069 ack: code execution via .ackrc file
Last modified: 2015-01-04 17:38:02 EST
A flaw was found in the way ack, a tool similar to grep, processed .ackrc files. If a local user ran ack in an attacker-controlled directory, it would lead to arbitrary code execution with the privileges of the user running ack. This issue affects versions 2.00 to 2.10 (such as the version in Fedora 19), and should be fixed in version 2.12. It does not affect versions below 2.00 (such as those in EPEL).
https://github.com/petdance/ack2/issues/414 also provides further restrictions.
CVE request: http://www.openwall.com/lists/oss-security/2013/12/10/10
Created ack tracking bugs for this issue:
Affects: fedora-19 [bug 1040229]
ack-2.12-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
ack-2.12-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
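A host-side check for the flaw described at the top of this report, as an added example that is not part of the bug report or the ack project: it compares the installed ack version against the affected range stated above and lists the rc files that apply to a working directory, marking those owned by another user. The function names are hypothetical, and the upward search for `.ackrc`/`_ackrc` assumes ack 2's documented project rc lookup in the current directory and its parents.

```shell
#!/bin/sh
# Added example: audit a host and a working directory for CVE-2013-7069 exposure.

# Exit 0 if version $1 is in the range the report lists as affected
# (2.00 through 2.10), 1 if it is not, 2 if the string cannot be parsed.
ack_version_affected() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    ver_major=${1%%.*}
    ver_minor=${1#*.}
    ver_minor=${ver_minor%%[!0-9]*}          # drop any suffix after the minor
    case "$ver_major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$ver_minor" ] || return 2
    [ "$ver_major" -eq 2 ] && [ "$ver_minor" -le 10 ]
}

# Print each .ackrc/_ackrc between directory $1 and /, tagged "own" when the
# current user owns it and "other" when someone else does.
# Assumption: ack 2 looks for a project rc file in the cwd and its parents.
project_ackrc_files() {
    walk_dir=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    while :; do
        for rc_name in .ackrc _ackrc; do
            rc_path=${walk_dir%/}/$rc_name
            [ -f "$rc_path" ] || continue
            if [ -O "$rc_path" ]; then echo "own $rc_path"; else echo "other $rc_path"; fi
        done
        [ "$walk_dir" = / ] && break
        walk_dir=$(dirname "$walk_dir")
    done
}

# Report for directory $1 (default: cwd); ack is only asked for its version.
audit_ack() {
    installed=$(ack --version 2>/dev/null </dev/null |
        sed -n '1s/^ack v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$installed" ]; then
        echo "ack not found or version not recognised"
    elif ack_version_affected "$installed"; then
        echo "ack $installed is in the affected range; update to 2.12 or later"
    else
        echo "ack $installed is outside the affected range"
    fi
    project_ackrc_files "${1:-.}" | grep '^other ' || echo "no rc files owned by other users"
}

audit_ack "${1:-.}"
```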