
HTTP Dia Application Remote Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a remote command-execution vulnerability in the Dia application.

Additional Information

Dia is a diagram application implemented in GTK+; it is available for Linux, UNIX, and Windows.

The application is prone to a remote command-execution vulnerability because it may import Python modules from an unsafe location. The problem occurs because the application's Python interface ('dia-0.96.1.orig/plug-ins/python/python.c') calls 'PySys_SetArgv' with an argv[0] that does not resolve to a filename. Python then prefixes 'sys.path' with an empty string, which the import machinery treats as the current working directory, so a Python file in that directory whose name matches a module the plug-in imports is loaded and executed in place of the intended module.

An attacker could exploit this issue by enticing an unsuspecting victim to run the vulnerable application from a directory containing a malicious Python file with the expected module name. A successful exploit allows arbitrary Python code to run with the privileges of the user running the application.
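The following script is an added illustration of the mechanism described above; it is not code from Dia or from the signature. It assumes a hypothetical module name, 'dia_plugin_helper', standing in for whatever module the plug-in imports at start-up, and it constructs the "malicious" file itself in a temporary directory. It resolves that module name twice from inside the directory: once with the empty entry that 'PySys_SetArgv' leaves at the front of 'sys.path', and once with that entry removed (the state 'PySys_SetArgvEx(argc, argv, 0)' produces in later Python releases). Only the first lookup finds and executes the planted file.

```python
import os
import sys
import tempfile
import importlib.util
from importlib.machinery import PathFinder

# Hypothetical module name (an assumption for this example, not taken from
# Dia's sources): stands in for a module the plug-in imports by name.
TARGET_MODULE = "dia_plugin_helper"

# Constructed stand-in for an attacker's file. Real import-time payload code
# (os.system(), socket connections, ...) would sit where this assignment is.
MALICIOUS_SOURCE = "PAYLOAD_RAN = True\n"


def resolve_and_load(search_path, name=TARGET_MODULE):
    """Locate `name` on `search_path` exactly as `import name` would and, if a
    source file is found, execute it without registering it in sys.modules.
    Returns (origin_path, payload_ran); (None, False) when nothing is found."""
    spec = PathFinder.find_spec(name, search_path)
    if spec is None or spec.origin is None:
        return None, False
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)  # import-time code runs here
    return spec.origin, getattr(module, "PAYLOAD_RAN", False)


def demo():
    """Run the lookup from a directory that contains the planted file, once
    with the sys.path that PySys_SetArgv() leaves behind and once hardened."""
    with tempfile.TemporaryDirectory() as work_dir:
        with open(os.path.join(work_dir, TARGET_MODULE + ".py"), "w") as fh:
            fh.write(MALICIOUS_SOURCE)
        old_cwd = os.getcwd()
        os.chdir(work_dir)  # the victim launched the application from here
        try:
            base = [p for p in sys.path if p]  # drop any pre-existing '' entry
            vulnerable = [""] + base           # '' resolves to os.getcwd() at import time
            hardened = base                    # no working-directory entry at all
            return {
                "vulnerable": resolve_and_load(vulnerable),
                "hardened": resolve_and_load(hardened),
            }
        finally:
            os.chdir(old_cwd)


if __name__ == "__main__":
    for label, (origin, ran) in demo().items():
        print(f"{label:10s} origin={origin!r} payload_ran={ran}")
```

For an embedding application the equivalent fix is either to call 'PySys_SetArgvEx' with 'updatepath' set to 0 (available since Python 2.6.6 and 3.1.3) or, on older interpreters, to delete the empty entry from 'sys.path' immediately after 'PySys_SetArgv' returns and before any plug-in module is imported.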

Response

Updates are available. Please see the references for more information.