GLSA Advocate
Posted: Wed Feb 26, 2014 3:26 pm Post subject: [ GLSA 201402-27 ] pidgin-knotify: Arbitrary code execution
Gentoo Linux Security Advisory
Title: pidgin-knotify: Arbitrary code execution (GLSA 201402-27)
Severity: high
Exploitable: remote
Date: February 26, 2014
Bug(s): #336916
ID: 201402-27
Synopsis
A vulnerability in pidgin-knotify might allow remote attackers to
execute arbitrary code.
Background
pidgin-knotify is a Pidgin plug-in to display message notifications in
KDE.
Affected Packages
Package: x11-plugins/pidgin-knotify
Vulnerable: <= 0.2.1
Architectures: All supported architectures
Description
pidgin-knotify does not properly sanitize shell metacharacters from
received messages.
Impact
A remote attacker could send a specially crafted instant message,
possibly resulting in execution of arbitrary code with the privileges of
the Pidgin process.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for pidgin-knotify. We recommend that
users unmerge pidgin-knotify:
Code:
  # emerge --unmerge "x11-plugins/pidgin-knotify"
References
CVE-2010-3088
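The bug class named in the Description, as an added example (not pidgin-knotify's code and not part of the advisory): a received message handed to a notifier as a single argv element never passes through a shell, so metacharacters stay literal. `notify_argv` is a hypothetical helper, `echo` stands in for the notifier program, and the sample message is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Generic vulnerable pattern (illustration only, not the plugin's source):
 *     snprintf(cmd, sizeof cmd, "notifier \"%s\"", msg); system(cmd);
 * system() runs cmd through /bin/sh, so metacharacters in msg are parsed. */

/* Hypothetical hardened helper: pass msg as one argv element via execvp().
 * No shell runs, so msg stays literal. The child's stdout is captured in
 * out so the caller can check what the notifier actually received. */
int notify_argv(const char *notifier, const char *msg, char *out, size_t outsz)
{
    int fds[2], status;
    size_t n = 0; ssize_t r; pid_t pid;
    if (outsz == 0 || pipe(fds) != 0)
        return -1;
    if ((pid = fork()) < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        char *const argv[] = { (char *)notifier, (char *)msg, NULL };
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execvp(notifier, argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    while (n < outsz - 1 && (r = read(fds[0], out + n, outsz - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char out[256];
    /* Constructed sample message; "echo" stands in for the notifier. */
    int rc = notify_argv("echo", "lunch?; $(echo A) `echo B` && echo C", out, sizeof out);
    printf("rc=%d received=%s", rc, out);
    return rc;
}
```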