#VU74578 OS Command Injection in Org Mode
Vulnerability identifier: #VU74578
Vulnerability risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-78
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Org Mode
Client/Desktop applications /
Office applications
Vendor: GNU
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the org-babel-execute:latex in ob-latex.el when processing file or directory names. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary OS commands on the target system via a file name or directory name that contains shell metacharacters.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Org Mode: 4.13 - 9.6.1
External links
http://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A@qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e
http://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485
http://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
