fvwm-devel
Page content
- Author: voroskoi
- Vulnerable: 2.5.17-1
- Unaffected: 2.5.17-2siwenna1
Tavis Ormandy has reported a security issue in FVWM, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to an input validation error in the “evalFolderLine()” function. This can be exploited to execute arbitrary commands by tricking a user into using the “fvwm-menu-directory” command on a specially crafted directory.
- Bug Tracker URL: http://bugs.frugalware.org/task/1485