[30682] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: xpdf vulnerability - CAN-2003-0434

daemon@ATHENA.MIT.EDU (Andries.Brouwer@cwi.nl)
Wed Jul 9 17:56:22 2003

From: Andries.Brouwer@cwi.nl
Date: Wed, 9 Jul 2003 22:36:40 +0200 (MEST)
Message-Id: <UTC200307092036.h69Kaeb02775.aeb@smtp.cwi.nl>
To: Andries.Brouwer@cwi.nl, shalunov@internet2.edu

>> A urlCommand like the default "netscape -remote 'openURL(%s)'"
>> is OK since the %s is protected by single quotes.

> How so?  Consider an argument of
>	'`rm -rf /tmp/test`'

xpdf already filters out single and double quotes, so
these do not occur in arguments.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[30682] in bugtraq

Re: xpdf vulnerability - CAN-2003-0434

daemon@ATHENA.MIT.EDU (Andries.Brouwer@cwi.nl)Wed Jul 9 17:56:22 2003

daemon@ATHENA.MIT.EDU (Andries.Brouwer@cwi.nl)
Wed Jul 9 17:56:22 2003