

Foomatic-RIP (CVE-2015-8560)

Just a quick writeup today: recently I uncovered an issue in the Foomatic-RIP package. The bug can be found within the "filter/foomatic-rip/util.c" source and is due to the blacklist defined in the following line:

    const char* shellescapes = "|&!$\'\"`#*?()[]{}";

This blacklist is used to sanitise characters that are later passed to the libc system() call. It is missing the ; character, which means that if we can influence an argument passed to foomatic-rip that is later passed to a shell command, we can potentially execute arbitrary commands. For example, on…
