[11267] in bugtraq
Gnumeric potential security hole.
daemon@ATHENA.MIT.EDU (Miguel de Icaza)
Thu Aug 5 10:56:39 1999
Message-Id: <199908031423.JAA12210@erandi.nuclecu.unam.mx>
Date: Tue, 3 Aug 1999 09:23:03 -0500
Reply-To: Miguel de Icaza <miguel@GNU.ORG>
From: Miguel de Icaza <miguel@GNU.ORG>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
The Gnumeric spreadsheet contains a number of "plugins". Some of
these plugins allow users to define functions in Perl, Python and
Guile and export those to the Gnumeric engine.

The Guile plugin was exporting a dangerous function that allowed any
user to execute arbitrary Scheme code, which means that a Gnumeric
spreadsheet file might have contained malicious code and it would have
been executed when Gnumeric evaluates the contents of the cell.

To fix this you can either:

1. Upgrade your Gnumeric to a new version of it.
2. You can remove the libgnumguile plugin from the system.

best wishes,
Miguel