Gnumeric potential security hole.

From: Miguel de Icaza (miguelat_private)
Date: Tue Aug 03 1999 - 07:23:03 PDT

Next message: The Tech-Admin Dude: "Re: Cisco 675 password nonsense"

Previous message: Adam H. Pendleton: "Re: IE5 ActiveX security bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The Gnumeric spreadsheet contains a number of "plugins".  Some of
these plugins allow users to define functions in Perl, Python and
Guile and export those to the Gnumeric engine.

The Guile plugin was exporting a dangerous function that allowed any
user to execute arbitrary scheme code.  Which means that a gnumeric
spredsheet file might have contained malicious code and it would have
been executed when Gnumeric evaluates the contents of the cell.

To fix this you can either:

   1. Upgrade your Gnumeric to a new version of it.
   2. You can remove the libgnumguile plugin from the system.

best wishes,
Miguel

Next message: The Tech-Admin Dude: "Re: Cisco 675 password nonsense"
Previous message: Adam H. Pendleton: "Re: IE5 ActiveX security bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:02 PDT