OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

gnomevfs -- unsafe URI handling

Affected packages
gnome-vfs < 1.0.5p0

Details

VuXML ID f009a996-5c98-11d9-b1e2-080020f8e4df
Discovery 2004-08-04
Entry 2005-01-02

Alexander Larsson reports that some versions of gnome-vfs contain a number of 'extfs' scripts that do not properly validate user input. If an attacker can cause her victim to process a specially crafted URI, arbitrary commands can be executed with the privileges of the victim.

Current versions of gnome-vfs2 do not support 'extfs' any more.

References

Bugtraq ID 10864
CVE Name CAN-2004-0494
URL http://www.ciac.org/ciac/bulletins/o-194.shtml
URL http://xforce.iss.net/xforce/xfdb/16897
URL https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127263