189594 – Beagle command line injection

Bug 189594 - Beagle command line injection

Summary: Beagle command line injection

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	beagle
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Alexander Larsson
QA Contact:
Docs Contact:
URL:
Whiteboard:	impact=moderate,reported=20060412,pub...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-04-21 14:10 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-04-21 14:11:48 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2006-04-21 14:10:32 UTC

Beagle command line injection

Chris Evans discovered that while indexing, Beagle will build certain
command lines in an insecure manner.  When Beagle executes external
helper applications, it is possible to cause beagle to execute
arbitrary commands as the user running beagle.

Comment 1 Josh Bressers 2006-04-21 14:11:48 UTC

Sorry, this isn't a real bug, it's a tool gone haywire.

Note You need to log in before you can comment on or make changes to this bug.