FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnomevfs -- unsafe URI handling

Affected packages
gnomevfs2 < 2.6.2_1
gnomevfs < 1.0.5_6
mc <= 4.6.0_12

Details

VuXML ID 7884d56f-f7a1-11d8-9837-000c41e2cdad
Discovery 2004-08-04
Entry 2004-08-26

Alexander Larsson reports that some versions of gnome-vfs and Midnight Commander contain a number of 'extfs' scripts that do not properly validate user input. If an attacker can cause her victim to process a specially crafted URI, arbitrary commands can be executed with the privileges of the victim.

References

Bugtraq ID 10864
CVE Name CVE-2004-0494
URL http://www.ciac.org/ciac/bulletins/o-194.shtml
URL http://xforce.iss.net/xforce/xfdb/16897
URL https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127263