Bug#882372: ohcount: Command injection through file names

2017-11-22 Thread Salvatore Bonaccorso
Control: retitle -1 ohcount: CVE-2017-16926: Command injection through file names

Hi Jonathan,

A CVE got assigned by MITRE for this issue: CVE-2017-16926.

Regards,
Salvatore

Bug#882372: ohcount: Command injection through file names

2017-11-21 Thread Jonathan Neuschäfer
Package: ohcount
Version: 3.0.0-8.3
Severity: grave
Tags: upstream security
Justification: user security hole

When ohcount tries to determine the type of a file with a specially crafted name, it can execute arbitrary shell commands through improper quoting. Details below.

## PoC

> $ echo hi > "t