p5-UI-Dialog -- shell command execution vulnerability

ID 00DADBF0-6F61-11E5-A2A1-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2008-08-24T00:00:00


Matthijs Kooijman reports:

It seems that the whiptail, cdialog and kdialog backends apply some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this constitutes a security issue, allowing execution of arbitrary commands if an attacker has control over the text displayed in a menu.