Open Source and information security mailing list archives
 
Date: Fri, 26 Jun 2009 20:24:44 +0200
From: Pavel Machek <pavel@....cz>
To: Bugtraq mailing list <bugtraq@...urityfocus.com>
Subject: evil little dictionary

Subject: stardict broadcasts clipboard context over network
Package: stardict
Version: 3.0.1-4.1
Justification: user security hole
Severity: grave
Tags: security

*** Please type your report below this line ***

In the default config, "enable net dict" is selected; it attempts to grab
the clipboard and sends it over the network... Unfortunately, not nearly all
data in the clipboard is meant for translation, and some may be pretty
sensitive.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.30 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash

Versions of packages stardict depends on:
ii  stardict-gnome                3.0.1-4.1  International dictionary for GNOME

stardict recommends no packages.

stardict suggests no packages.

-- no debconf information

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
