Shutter user-assisted remote code execution

Published
Credit
Risk
2017.02.23
Prajith P
High
CWE
CVE
Local
Remote
N/A
CVE-2016-10081
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

# Exploit Title: Shutter user-assisted remote code execution
# Date: 2016-12-26
# Software Link: http://shutter-project.org/
# Version: 0.93.1
# Tested on: Ubuntu, Debian
# Exploit Author: Prajith P
# Website: http://prajith.in/
# Author Mail: me@prajith.in
# CVE: CVE-2016-10081

1. Description.
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote
attackers to execute arbitrary commands via a crafted image name that is
mishandled during a "Run a plugin" action.

2. Proof of concept.
1) Rename an image to something like "$(firefox)"
2) Open the renamed file in shutter
3) Click the "Run a plugin" option and select any plugin from the list and click "Run"

3. Solution:
https://bugs.launchpad.net/shutter/+bug/1652600


Thanks,
Prajithh

References:

https://bugs.launchpad.net/shutter/+bug/1652600


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com