Re: xpdf vulnerability - CAN-2003-0434

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Andries.Brouwer@cwi.nl, shalunov@internet2.edu
Subject: Re: xpdf vulnerability - CAN-2003-0434
From: Andries.Brouwer@cwi.nl
Date: Wed, 9 Jul 2003 22:36:40 +0200 (MEST)

>> A urlCommand like the default "netscape -remote 'openURL(%s)'"
>> is OK since the %s is protected by single quotes.

> How so?  Consider an argument of
>	'`rm -rf /tmp/test`'

xpdf already filters out single and double quotes, so
these do not occur in arguments.

Prev by Date: PalmOS Memo Record Hiding Vulnerability.
Next by Date: Re: PalmOS Memo Record Hiding Vulnerability.
Previous by thread: Re: xpdf vulnerability - CAN-2003-0434
Next by thread: Information Disclosure Vulnerability in bitboard2
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux