Shutter user-assisted remote code execution

vendor:

Shutter

by:

Prajith P

7,8

CVSS

HIGH

Remote Code Execution

CWE

Product Name: Shutter

Affected Version From: 0.93.1

Affected Version To: 0.93.1

Patch Exists: YES

Related CWE: CVE-2016-10081

CPE: a:shutter_project:shutter

Metasploit: https://www.rapid7.com/db/vulnerabilities/suse-cve-2016-10081/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Ubuntu, Debian

2016

Shutter user-assisted remote code execution

/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.

Mitigation:

Update to the latest version of Shutter

Source

Exploit-DB raw data:

# Exploit Title: Shutter user-assisted remote code execution
# Date: 2016-12-26
# Software Link: http://shutter-project.org/
# Version: 0.93.1
# Tested on: Ubuntu,  Debian
# Exploit Author: Prajith P
# Website: http://prajith.in/
# Author Mail: me@prajith.in
# CVE: CVE-2016-10081

1. Description.
   /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote
attackers to execute arbitrary commands via a crafted image name that is
mishandled during a "Run a plugin" action.

2. Proof of concept.
   1) Rename an image to something like "$(firefox)"
   2) Open the renamed file in shutter
   3) Click the "Run a plugin" option and select any plugin from the list and click "Run"

3. Solution:
  https://bugs.launchpad.net/shutter/+bug/1652600


Thanks,
Prajithh