[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090626182444.GA17365@elf.ucw.cz>
Date: Fri, 26 Jun 2009 20:24:44 +0200
From: Pavel Machek <pavel@....cz>
To: Bugtraq mailing list <bugtraq@...urityfocus.com>
Subject: evil little dictionary
Subject: stardict broadcasts clipboard context over network
Package: stardict
Version: 3.0.1-4.1
Justification: user security hole
Severity: grave
Tags: security
*** Please type your report below this line ***
In default config "enable net dict" is selected, it attempts to grab
clipboard and sends it over network... Unfortunately, not nearly all
data in clipboard are meant for translation, and some may be pretty
sensitive.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.30 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash
Versions of packages stardict depends on:
ii stardict-gnome 3.0.1-4.1 International dictionary
for GNOME
stardict recommends no packages.
stardict suggests no packages.
-- no debconf information
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Powered by blists - more mailing lists