CESA-2006-002 - rev 1

[See all my vulnerabilities at http://scary.beasts.org/security]

beagle insecure command line construction

Programs affected: beagle-0.2.4 and older.
Severity: Command line argument injection to helper applications.
Fixed: beagle-0.2.5
CVE identifier(s): CVE-2006-1865

beagle is an indexing technology that supports lots of different file formats. To support some of these file formats, beagle executes external helper applications. The command lines for these applications were not build securely, allowing an attacker to insert arbitrary command line arguments to the helper applications by co-ercing a victim into downloading a specially named file.

Possible attack vectors here include:

CESA-2006-002 - rev 1
Chris Evans