Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28383
HistoryAug 20, 2012 - 12:00 a.m.

GIMP Scriptfu Python Remote Command Execution

2012-08-2000:00:00
vulners.com
12
JSON

Summary

There is an arbitrary command execution vulnerability in the scriptfu
network server
console in the GIMP 2.6 branch. It is possible to use a python scriptfu
command to run
arbitrary operating-system commands and potentially take full control of the
host.

The advisory is posted here:
http://www.reactionpenetrationtesting.co.uk/GIMP-scriptfu-python-command-exe
cution.html

CVE number: CVE-2012-4245
Vendor homepage: http://www.gimp.org/
Vendor notified: 9/8/2012

Affected Products

GIMP 2.6 branch (Windows or Linux builds)

Non-Affected Products

The Scriptfu network server component does not currently work in the GIMP
2.8 branch
(Windows or Linux builds).

Details

There is an arbitrary command execution vulnerability in the scriptfu
network server
console in the GIMP 2.6 branch. It is possible to use a python scriptfu
command to run
arbitrary operating-system commands and potentially take full control of the
host.
The following command will write "foo" to "/tmp/owned":

(python-fu-eval 0 "file = open('/tmp/owned','w')\nfile.write('foo')")

Impact

Successful exploitation of the vulnerability may result in remote command
execution.

Solution

No solution has been implemented at this stage apart from the workaround
below.

Workaround

Do not enable the scriptfu network server.
The GIMP development team have stated that this component was not designed
with security
in mind and therefore should not be used in production environments.

Distribution

In addition to posting on the website, a text version of this notice
is posted to the following e-mail and Usenet news recipients.

  • bugtraq () securityfocus com
  • full-disclosure () lists grok org uk

Future updates of this advisory, if any, will be placed on the ReactionIS
corporate website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the URL below for any updates:

http://www.reactionpenetrationtesting.co.uk/GIMP-scriptfu-python-command-exe
cution.html

============================================================================

Related

debiancve 1
cve 1
nessus 2
ubuntucve 1
prion 1
securityvulns 1
gentoo 1
openvas 1
debiancve
debiancve
CVE-2012-4245
2012-08-31 18:55:00
cve
cve
CVE-2012-4245
2012-08-31 18:55:00
nessus
nessus
Oracle Solaris Third-Party Patch Update : gimp (cve_2012_4245_arbitrary_code)
2015-01-19 00:00:00
GLSA-201603-01 : GIMP: Multiple vulnerabilities
2016-03-07 00:00:00
ubuntucve
ubuntucve
CVE-2012-4245
2012-08-31 00:00:00
prion
prion
Command injection
2012-08-31 18:55:00
securityvulns
securityvulns
GIMP script-fu buffer overflow
2012-08-20 00:00:00
gentoo
gentoo
GIMP: Multiple vulnerabilities
2016-03-06 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201603-01
2016-03-08 00:00:00
JSON
Related for SECURITYVULNS:DOC:28383
debiancve1cve1nessus2ubuntucve1prion1securityvulns1gentoo1openvas1