meteoinfo / MeteoInfo

MeteoInfo: GIS, scientific computation and visualization environment.
http://www.meteothink.org/
GNU Lesser General Public License v3.0

Uncontrolled search path #16

Closed Zero871015 closed 1 year ago

Zero871015 commented 3 years ago

Describe

If there is a file named "cmd.exe" in MeteoInfo's working directory, that file will be executed when we run MeteoInfo.

How To Reproduce

  1. Copy "calc.exe" to the MeteoInfo folder and rename it to "cmd.exe" (just for the test).
  2. Execute "MeteoInfoLab.exe".
  3. Your "calc.exe" (cmd.exe) is executed.

Here is a demo.

CVE-2019-17664

I was working on CVE-2019-17664, and it indicates that the problem is in Jython, not Ghidra. Jython has already raised an issue to fix it in the next version (Jython 2.7.3), but for now only 2.7.2 is available. I just want you to know about the Jython exploit; you can fix it yourself or wait for the Jython patch.

Environment

Yaqiang commented 3 years ago

Thanks for this issue report!
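The search-path hijack the report describes, as an added example (this is not MeteoInfo's or Jython's code): a small model of how an unqualified name such as "cmd.exe" resolves against the application's working directory before the system directory, the hardened lookup that pins the interpreter to %ComSpec% or %SystemRoot%\System32 instead, and a check for planted binaries in the working directory. The directory layout, the stub files and the environment are constructed inline so it runs offline on any OS; the simplified "working directory first, then system directory" search order is an assumption of the example, not a claim about Jython's implementation.

```python
"""Added example, not code from MeteoInfo or Jython: model of an uncontrolled
search path for "cmd.exe" and a hardened, absolute-path lookup."""
import os
import tempfile


def resolve_unqualified(name, search_dirs):
    """Mimic lookup of a bare executable name: directories are tried in order
    and the first hit wins. With the application/working directory first
    (an assumption modelled on the Windows CreateProcess search order),
    a planted file there shadows the real one."""
    for d in search_dirs:
        candidate = os.path.join(d, name)
        if os.path.isfile(candidate):
            return candidate
    return None


def system_cmd_path(env):
    """Hardened lookup: build the interpreter path from %ComSpec% or
    %SystemRoot% rather than relying on search-path resolution of "cmd.exe".
    Refuses to guess when neither variable is set."""
    comspec = env.get("ComSpec")
    if comspec and os.path.isabs(comspec):
        return comspec
    root = env.get("SystemRoot")
    if not root:
        raise RuntimeError("SystemRoot not set; refusing to guess cmd.exe location")
    return os.path.join(root, "System32", "cmd.exe")


def find_planted(working_dir, names=("cmd.exe",)):
    """Detection check: well-known interpreter names present in the
    application directory, where they never legitimately live."""
    return sorted(n for n in names if os.path.isfile(os.path.join(working_dir, n)))


def demo():
    """Constructed layout: an app dir holding a planted cmd.exe and a fake
    System32 holding the 'real' one. Returns which copy each strategy picks."""
    with tempfile.TemporaryDirectory() as tmp:
        app_dir = os.path.join(tmp, "MeteoInfo")
        sys32 = os.path.join(tmp, "Windows", "System32")
        os.makedirs(app_dir)
        os.makedirs(sys32)
        planted = os.path.join(app_dir, "cmd.exe")  # attacker-controlled stub
        real = os.path.join(sys32, "cmd.exe")       # stand-in for the system shell
        for p in (planted, real):
            with open(p, "w") as fh:
                fh.write("stub\n")
        env = {"SystemRoot": os.path.join(tmp, "Windows")}  # constructed env
        vulnerable = resolve_unqualified("cmd.exe", [app_dir, sys32])
        hardened = system_cmd_path(env)
        return {
            "vulnerable_runs_planted": vulnerable == planted,
            "hardened_runs_real": hardened == real,
            "planted_names": find_planted(app_dir),
        }


if __name__ == "__main__":
    print(demo())
```

The same pattern applies to any process spawned by an unqualified name: resolve the absolute path once from a trusted source, pass that to the process API, and treat an interpreter binary sitting next to the application as an indicator to investigate.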