CESA-2006-002 - rev 1
[See all my vulnerabilities at
http://scary.beasts.org/security]
beagle insecure command line construction
Programs affected: beagle-0.2.4 and older.
Severity: Command line argument injection to helper applications.
Fixed: beagle-0.2.5
CVE identifier(s): CVE-2006-1865
beagle is an indexing technology that supports lots of different file formats.
To support some of these file formats, beagle executes external helper
applications. The command lines for these applications were not built securely,
allowing an attacker to insert arbitrary command line arguments to the helper
applications by coercing a victim into downloading a specially named file.
Possible attack vectors here include:
- Inserting a command line argument to one of the helper applications
(mplayer, rpm, pdftotext, ssindex, etc.) which abuses a security vulnerability
that would not otherwise be accessible.
- Using the fact that some of these helper applications are network enabled
(mplayer, rpm) to fetch secondary data to assist the attack.
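The pattern described above, as an added example (not beagle's own code, and not from the advisory's author): a command line assembled as one string from a file name, next to an argv list that keeps the name as a single non-option argument. The helper name "helper", the fixed flag "-q", the sample file names and the use of shlex.split as a stand-in for the argument splitter are assumptions made for illustration.

```python
import os
import shlex


def naive_argv(helper, filename):
    """Vulnerable pattern: paste the file name into one command-line string.

    shlex.split stands in (assumption) for whatever later splits the
    string into argv before the helper starts.
    """
    cmdline = f'{helper} -q "{filename}"'
    return shlex.split(cmdline)


def safe_argv(helper, filename):
    """Hardened pattern: build argv as a list, one element per argument.

    The name is never re-parsed, and a leading "./" stops a relative name
    that begins with "-" from being read as an option by the helper.
    """
    path = filename if os.path.isabs(filename) else "./" + filename
    return [helper, "-q", path]


def extra_options(argv, fixed=("-q",)):
    """Return option-like arguments that the indexer did not add itself."""
    return [a for a in argv[1:] if a.startswith("-") and a not in fixed]


# Constructed sample names; "--injected-option" is a harmless placeholder.
SAMPLES = [
    "report.pdf",
    "-injected-option.pdf",
    'x" --injected-option "y.pdf',
]

if __name__ == "__main__":
    for name in SAMPLES:
        naive, safe = naive_argv("helper", name), safe_argv("helper", name)
        print(repr(name))
        print("  naive:", naive, "extra options:", extra_options(naive))
        print("  safe: ", safe, "extra options:", extra_options(safe))
```

Quoting alone does not help with the second sample: the name survives as one argument but still begins with "-", which is why the hardened form also anchors the path.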
Chris Evans
scarybeasts@gmail.com