Exploit FVWM 2.4.17/2.5.8 - fvwm_make_browse_menu.sh Scripts Command Execution

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23849
Проверка EDB
  1. Пройдено
Автор
DOMINIK VOGT
Тип уязвимости
LOCAL
Платформа
LINUX
CVE
null
Дата публикации
2004-03-19
Код:
source: https://www.securityfocus.com/bid/9922/info

It has been reported that the FVWM fvwm_make_browse_menu.sh script is prone to a command execution vulnerability. This issue is due to the script allowing a user to define which application should be used to execute the file via its filename.

An attacker may be able to leverage this issue to cause arbitrary commands to be executed with the privileges of a victim user.

$ touch 'Exec xmessage "0wn3d"'
 
Источник
www.exploit-db.com