User: Password:
Subscribe / Log in / New account

bluetile: command injection

Package(s):bluetile CVE #(s):CVE-2013-1436
Created:August 6, 2013 Updated:May 28, 2014
Description: From the OSS security mailing list:

A remote command injection vulnerability was reported in xmonad-contrib. The vulnerability is in the XMonad.Hooks.DynamicLog module.

As we know, web browsers usually set the window title to the current tab. A malicious user, then, can craft a special title in order to inject commands in the current bar.

Gentoo 201405-28 xmonad-contrib 2014-05-28
Fedora FEDORA-2013-13332 xmonad 2013-08-06
Fedora FEDORA-2013-13332 xmobar 2013-08-06
Fedora FEDORA-2013-13332 ghc-xmonad-contrib 2013-08-06
Fedora FEDORA-2013-13388 ghc-xmonad-contrib 2013-08-06
Fedora FEDORA-2013-13332 ghc-X11-xft 2013-08-06
Fedora FEDORA-2013-13332 ghc-X11 2013-08-06
Fedora FEDORA-2013-13332 bluetile 2013-08-06
Fedora FEDORA-2013-13388 bluetile 2013-08-06

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds