[Expired for linux (Ubuntu) because there has been no activity for 60 days.]
** Changed in: linux (Ubuntu)
       Status: Incomplete => Expired

https://bugs.launchpad.net/bugs/1550676

Title:
  analyze_suspend.py may allow shell code injection

Status in linux package in Ubuntu:
  Expired

Bug description:
  File : /usr/src/linux-headers-4.4.0-7/scripts/analyze_suspend.py

  The file "analyze_suspend.py" uses deprecated and insecure python calls like os.popen and os.system. This may lead to unwanted code execution.

  For example, when the script does a walk through /sys/devices, it could be possible that shell code in the "dirname" of the device will be executed by a shell, e.g. with a specially crafted (loop?) device with the name "/sys/devices/...some path.../;shell command here;/.../usb9/" and puts 2 files 'idVendor' and 'idProduct' into that folder.

  So, please replace all the os calls with subprocess.

  ---------------
  Line : 2829-2842

  def setUSBDevicesAuto():
  	global sysvals

  	rootCheck()
  	for dirname, dirnames, filenames in os.walk('/sys/devices'):
  		if(re.match('.*/usb[0-9]*.*', dirname) and
  			'idVendor' in filenames and 'idProduct' in filenames):
  			os.system('echo auto > %s/power/control' % dirname)
  			name = dirname.split('/')[-1]
  			desc = os.popen('cat %s/product 2>/dev/null' % \
  				dirname).read().replace('\n', '')
  			ctrl = os.popen('cat %s/power/control 2>/dev/null' % \
  				dirname).read().replace('\n', '')
  			print('control is %s for %6s: %s' % (ctrl, name, desc))

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-headers-4.4.0-7 4.4.0-7.22
  ProcVersionSignature: Ubuntu 4.4.0-7.22-generic 4.4.2
  Uname: Linux 4.4.0-7-generic x86_64
  ApportVersion: 2.20-0ubuntu3
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  theregrunner   1929 F.... pulseaudio
   /dev/snd/controlC1:  theregrunner   1929 F.... pulseaudio
  CurrentDesktop: Unity
  Date: Sat Feb 27 09:03:53 2016
  HibernationDevice: RESUME=UUID=fcbb15dc-294e-4d63-8dd4-7df9864e02c2
  InstallationDate: Installed on 2016-02-22 (4 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160219)
  IwConfig:
   enp5s0    no wireless extensions.
   lo        no wireless extensions.
  PackageArchitecture: all
  ProcFB: 0 nouveaufb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-7-generic root=UUID=9879fcc8-079a-4975-82d8-d3aff297191d ro quiet splash vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-7-generic N/A
   linux-backports-modules-4.4.0-7-generic  N/A
   linux-firmware                           1.156
  RfKill:
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 11/05/2009
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 080015
  dmi.board.name: GeForce 8000 series
  dmi.board.version: 1.0
  dmi.chassis.type: 3
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr080015:bd11/05/2009:svn:pnGeForce8000series:pvr1.0:rvn:rnGeForce8000series:rvr1.0:cvn:ct3:cvr:
  dmi.product.name: GeForce 8000 series
  dmi.product.version: 1.0
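The hazard the report describes comes from interpolating a directory name into a shell command string; the fix is to keep the path out of any shell. The following is an added example written for this page (it is not the reporter's code and not the kernel script's own fix) showing setUSBDevicesAuto() rewritten with plain file I/O. The `root` and `apply_changes` parameters and the build_fake_sysfs() helper are assumptions introduced here so the function can be exercised on a constructed directory tree, including one whose name carries shell metacharacters, without touching the real /sys/devices.

```python
import os
import re
import tempfile

# Same match the original script applies to each walked directory.
USB_DIR_RE = re.compile(r'.*/usb[0-9]*.*')


def read_sysfs_attr(path):
    """Read one sysfs attribute with open() instead of `cat ... 2>/dev/null`
    through a shell. Returns '' if the file is missing or unreadable, which
    matches what the original popen() pipeline returned in that case."""
    try:
        with open(path, 'r') as f:
            return f.read().replace('\n', '')
    except OSError:
        return ''


def write_sysfs_attr(path, value):
    """Replace `echo auto > .../power/control` with a direct write. The path is
    passed to the kernel as a filename, so metacharacters in it are inert."""
    try:
        with open(path, 'w') as f:
            f.write(value + '\n')
        return True
    except OSError:
        return False


def set_usb_devices_auto(root='/sys/devices', apply_changes=True):
    """Shell-free rewrite of setUSBDevicesAuto(): same walk, same regex, same
    idVendor/idProduct check. `root` and `apply_changes` are hypothetical
    parameters added for this example; the script hardcodes /sys/devices.
    Returns a list of (name, product, control) tuples for matched devices."""
    results = []
    for dirname, dirnames, filenames in os.walk(root):
        if (USB_DIR_RE.match(dirname) and 'idVendor' in filenames
                and 'idProduct' in filenames):
            control_path = os.path.join(dirname, 'power', 'control')
            if apply_changes:
                write_sysfs_attr(control_path, 'auto')
            name = os.path.basename(dirname)
            desc = read_sysfs_attr(os.path.join(dirname, 'product'))
            ctrl = read_sysfs_attr(control_path)
            results.append((name, desc, ctrl))
    return results


def build_fake_sysfs():
    """Construct a throwaway tree imitating /sys/devices (constructed sample
    data). The device directory name deliberately contains ';' and a space,
    the kind of content that would have been interpreted by the shell in the
    original os.system()/os.popen() calls."""
    root = tempfile.mkdtemp(prefix='fake_sysfs_')
    dev = os.path.join(root, 'pci0000:00', 'usb9;echo marker')
    os.makedirs(os.path.join(dev, 'power'))
    for fname, content in (('idVendor', '1d6b\n'), ('idProduct', '0002\n'),
                           ('product', 'Example Hub\n')):
        with open(os.path.join(dev, fname), 'w') as f:
            f.write(content)
    with open(os.path.join(dev, 'power', 'control'), 'w') as f:
        f.write('on\n')
    return root


if __name__ == '__main__':
    fake_root = build_fake_sysfs()
    for name, desc, ctrl in set_usb_devices_auto(fake_root):
        print('control is %s for %6s: %s' % (ctrl, name, desc))
```

Reading and writing the attribute files directly is the simplest replacement because none of the three original commands needed a shell at all. Where an external program genuinely must be run, subprocess.run() with an argument list and the default shell=False gives the same property: the path is one argv element, never re-parsed by /bin/sh.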