terminal
Page content
- Author: voroskoi
- Vulnerable: 0.2.6-1
- Unaffected: 0.2.6-2terminus1
Lasse Karkkainen has reported a security issue in Xfce Terminal, which can be exploited by malicious people to inject shell commands. The “terminal_helper_execute()” function in terminal/terminal.c uses “/bin/sh -c” to spawn the browser process. This can be used to disclose sensitive information or execute shell commands by e.g. tricking a user into opening a malicious link using the “Open Link” functionality.
- Bug Tracker URL: http://bugs.frugalware.org/task/2256