FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

weechat -- Arbitrary shell command execution via scripts

Affected packages
0.3.0 <= weechat < 0.3.9.2
weechat-devel < 20121118

Details

VuXML ID 81826d12-317a-11e2-9186-406186f3d89d
Discovery 2012-11-15
Entry 2012-11-18
Modified 2012-11-18

Sebastien Helleu reports:

Untrusted command for function hook_process could lead to execution of commands, because of shell expansions.

Workaround with a non-patched version: remove/unload all scripts calling function hook_process (for maximum safety).
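Applying the workaround means knowing which installed scripts call hook_process. The following is an added example, not part of the advisory or of WeeChat itself, that lists them. It assumes scripts live under ~/.weechat in per-language directories with an autoload subdirectory, and that the listed file extensions cover the script plugins in use.

```python
import re
import sys
from pathlib import Path

# Assumption: file extensions used by WeeChat's script plugins.
SCRIPT_SUFFIXES = {".py", ".pl", ".rb", ".lua", ".tcl", ".scm"}

# Match the bare identifier rather than "hook_process(": Tcl and Ruby can
# call it without parentheses. The word boundaries exclude longer names
# such as my_hook_process_wrapper. Comments are deliberately not skipped, so
# the result over-reports rather than misses a caller.
CALL_RE = re.compile(r"\bhook_process\b")


def find_hook_process_callers(script_root):
    """Map each script file mentioning hook_process to its line numbers and
    whether an autoload/ entry points at it."""
    root = Path(script_root).expanduser().resolve()
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.suffix not in SCRIPT_SUFFIXES or not path.is_file():
            continue
        real = path.resolve()  # autoload/ entries are usually symlinks
        text = real.read_text(encoding="utf-8", errors="replace")
        lines = [n for n, line in enumerate(text.splitlines(), 1)
                 if CALL_RE.search(line)]
        if not lines:
            continue
        entry = findings.setdefault(real, {"lines": lines, "autoload": False})
        if path.parent.name == "autoload":
            entry["autoload"] = True
    return findings


if __name__ == "__main__":
    # Assumption: ~/.weechat is the WeeChat home directory; pass another path
    # as the first argument if yours differs.
    target = sys.argv[1] if len(sys.argv) > 1 else "~/.weechat"
    for script, info in find_hook_process_callers(target).items():
        flag = "autoloaded" if info["autoload"] else "not autoloaded"
        print(f"{script}: lines {info['lines']} ({flag})")
```

Scripts reported as autoloaded are loaded again at every start, so the workaround for those covers the autoload entry as well as the running instance.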

References

URL http://weechat.org/security/
URL https://savannah.nongnu.org/bugs/?37764