On 2011-07-28 23:51:02 -0400, Chung-chieh Shan wrote:
> Using a crafted .pdf.gz file name (which could be sent from a Web
> server to a browser, for example), xpdf can be fooled into deleting an
> unrelated file as long as its name is a single letter.

One can even execute commands up to 3 characters! e.g.

$ gzip -c </dev/null >'`env`.pdf.gz'
$ xpdf '`env`.pdf.gz'

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)
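A defender-side illustration of the mechanism in the reply above, added here and not part of the thread or of xpdf's code: the string-built shell command that lets backticks in a file name run, beside the shell-quoted form, a positional-parameter form that sh never interprets, and a metacharacter check. The file name is a constructed sample modelled on the one in the message.

```python
import re
import shlex
import subprocess

# Constructed sample name of the kind the report describes: if a program
# splices it into a shell command unquoted, sh runs what is between the backticks.
CRAFTED_NAME = "`env`.pdf.gz"

# Characters that give a POSIX shell something to interpret inside a word.
SHELL_METACHARS = re.compile(r"[`$;|&<>(){}\[\]*?!\"'\\\s]")


def unsafe_shell_command(name: str) -> str:
    """The pattern behind the report: the name is concatenated into a command
    string destined for sh, which then honours backticks, $(...), ';' and so on.
    Built here only for comparison; it is never executed."""
    return f"gzip -dc {name} > /tmp/out.pdf"


def quoted_shell_command(name: str) -> str:
    """Same command with the name shell-quoted: sh sees one literal word."""
    return f"gzip -dc {shlex.quote(name)} > /tmp/out.pdf"


def contains_shell_metachars(name: str) -> bool:
    """Cheap check a program can apply before a file name goes anywhere near a shell."""
    return SHELL_METACHARS.search(name) is not None


def shell_receives_literal(name: str) -> str:
    """Hand the name to sh as a positional parameter ("$1") instead of interpolating
    it into the script text, and return what the shell actually saw. Running this
    with the crafted name is harmless: no command substitution takes place."""
    proc = subprocess.run(
        ["sh", "-c", 'printf "%s" "$1"', "sh", name],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout
```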