SLRN Arbitrary Shell Script Execution Vulnerability

slrn is a freely available NNTP reader by Thomas Schultz. It is maintained and developed by the slrn project.

A problem has been discovered in the program that could allow arbitrary command execution. When a slrn user downloads a post that contains a binary, slrn will execute any shell script included in the post along with the binary.

This could lead to arbitrary command execution, and a remote user gaining access to the system with the privileges of the slrn user. This is currently known to affect only Debian Linux.
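
A defensive sketch of the safe behaviour, added here as an example and not taken from slrn or from this advisory: the binary attachment is decoded as data, and shell script content in the post is reported instead of run. It assumes uuencoded attachments and scripts marked by a shebang line; `inspect_post` and the sample post are constructed for illustration.

```python
import binascii
import re

BEGIN_RE = re.compile(r"^begin [0-7]{3,4} (\S+)$")   # uuencode header line
SHEBANG_RE = re.compile(r"^#! ?/\S*sh\b")            # e.g. #!/bin/sh, #!/bin/bash

def inspect_post(body):
    """Decode uuencoded attachments and locate shell scripts in a post body.

    Returns (binaries, script_lines). Post content is only parsed as data;
    nothing is written to disk or handed to a shell.
    """
    binaries, script_lines = {}, []
    name, chunks = None, []
    for lineno, line in enumerate(body.splitlines(), 1):
        if name is None:
            header = BEGIN_RE.match(line)
            if header:
                name, chunks = header.group(1), []
            elif SHEBANG_RE.match(line):
                script_lines.append(lineno)
        elif line == "end":
            binaries[name] = b"".join(chunks)
            name = None
        elif line:
            try:
                chunks.append(binascii.a2b_uu(line))
            except ValueError:      # malformed or non-ASCII line: drop the block
                name = None
    return binaries, script_lines

# Constructed sample post: a shell script followed by a uuencoded binary.
SAMPLE_POST = "\n".join([
    "Here is the file you asked for.",
    "",
    "#!/bin/sh",
    'echo "this line must never run during decoding"',
    "",
    "begin 644 hello.bin",
    binascii.b2a_uu(b"hello\n").decode("ascii").rstrip("\n"),
    "`",
    "end",
])

if __name__ == "__main__":
    files, scripts = inspect_post(SAMPLE_POST)
    print("attachments:", {n: len(d) for n, d in files.items()})
    print("shell script starts at line(s):", scripts, "(reported, not executed)")
```

The attachment name taken from the post is used only as a dictionary key; a caller that saves the data should choose its own file path.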


