Shutter 0.93.1 – Code Execution

Exploit Database
33 阅读

作者： Prajith

日期： 2016-12-26
类别：
- local
平台：
- linux
来源：https://www.exploit-db.com/exploits/41435/

# Exploit Title: Shutter user-assisted remote code execution
# Date: 2016-12-26
# Software Link: http://shutter-project.org/
# Version: 0.93.1
# Tested on: Ubuntu,Debian
# Exploit Author: Prajith P
# Website: http://prajith.in/
# Author Mail: me@prajith.in
# CVE: CVE-2016-10081

1. Description.
 /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote
attackers to execute arbitrary commands via a crafted image name that is
mishandled during a "Run a plugin" action.

2. Proof of concept.
 1) Rename an image to something like "$(firefox)"
 2) Open the renamed file in shutter
 3) Click the "Run a plugin" option and select any plugin from the list and click "Run"

3. Solution:
https://bugs.launchpad.net/shutter/+bug/1652600


Thanks,
Prajithh

last Exploits
Shutter 0.93.1 – Code Execution的更多信息

Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation：
MiniShare 1.5.5 – ‘users.txt’ Local Buffer Overflow (Egghunter)：
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) – MOTD File Tampering Privilege Escalation (2)：
Muse Music All-in-One 1.5.0.001 – ‘.pls’ Local Buffer Overflow (DEP Bypass)：
Linux Kernel – UDP Fragmentation Offset ‘UFO’ Privilege Escalation (Metasploit)：
Microsoft Windows – ‘CNG.SYS’ Kernel Security Feature Bypass (MS15-052)：
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation：
River Past Video Cleaner 7.6.3 – Local Buffer Overflow (SEH)：