Gaim Vulnerability
| Title | Smiley theme installation lack of escaping |
| Date | 22 August 2004 |
| CVE Name | CAN-2004-0784 |
| Discovered By | A Gaim Crazy Patch Writer |
| Summary | Dragging a carefully crafted smiley theme filename onto Gaim could cause arbitrary command execution. |
| Description | To install a new smiley theme, a user can drag a tarball from a graphical file manager, or a hypertext link to one from a web browser. When a tarball is dragged, Gaim executes a shell command to untar it. However, it does not escape the filename before sending it to the shell. Thus, a specially crafted filename could execute arbitrary commands if the user could be convinced to drag a file into the smiley theme selector. |
| Fixed in Version | 0.82 |
| Fix | Filenames are now escaped using g_shell_quote(). |
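
The escaping rule behind the fix, shown as an added example that is not Gaim's own code. `shell_quote()` is a self-contained stand-in for GLib's `g_shell_quote()`. The `tar xzf ... -C ...` command shape, the function names and the sample filename are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for g_shell_quote(): wrap s in single quotes and rewrite each
 * embedded ' as '\'' so /bin/sh reads one literal word. Caller frees. */
char *shell_quote(const char *s)
{
    size_t n = 3;                           /* two quotes + NUL */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *w = out;
    if (!out)
        return NULL;
    *w++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(w, "'\\''", 4); w += 4; }
        else            { *w++ = *p; }
    }
    *w++ = '\'';
    *w = '\0';
    return out;
}

/* Unescaped form: arguments are pasted into the command as-is. */
char *untar_cmd_raw(const char *file, const char *dir)
{
    size_t n = strlen(file) + strlen(dir) + sizeof "tar xzf  -C ";
    char *cmd = malloc(n);
    if (cmd)
        snprintf(cmd, n, "tar xzf %s -C %s", file, dir);
    return cmd;
}

/* Fixed form: every argument is quoted before the command is assembled. */
char *untar_cmd_quoted(const char *file, const char *dir)
{
    char *qf = shell_quote(file), *qd = shell_quote(dir);
    char *cmd = (qf && qd) ? untar_cmd_raw(qf, qd) : NULL;
    free(qf); free(qd);
    return cmd;
}

int main(void)
{
    const char *name = "theme.tar.gz; echo injected";  /* constructed sample */
    char *raw = untar_cmd_raw(name, "/tmp/smileys");
    char *quoted = untar_cmd_quoted(name, "/tmp/smileys");
    if (raw && quoted)
        printf("unescaped: %s\nescaped:   %s\n", raw, quoted);
    free(raw); free(quoted);
    return 0;
}
```

In the unescaped string the shell sees two commands separated by `;`, while in the escaped string the whole filename is a single argument to `tar`.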