CVE-2011-2899

Sažetak

pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.

Reference

http://cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3&view=patch
http://secunia.com/advisories/45744
http://www.redhat.com/support/errata/RHSA-2011-1196.html
http://www.securitytracker.com/id?1025967
https://bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119
https://bugzilla.redhat.com/show_bug.cgi?id=728348

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-06-2012 - 04:00

Objavljeno

31-08-2011 - 23:55