CVE-2008-5718
Vulnerability from cvelistv5
Published
2008-12-26 17:08
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=648189"
},
{
"name": "DSA-1705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1705"
},
{
"name": "34484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34484"
},
{
"name": "FEDORA-2009-3064",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00962.html"
},
{
"name": "FEDORA-2009-3069",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00966.html"
},
{
"name": "33548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33548"
},
{
"name": "33227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33227"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "50824",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50824"
},
{
"name": "32925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32925"
},
{
"name": "[oss-security] 20090114 update on CVE-2008-5718",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/13/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-22T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=648189"
},
{
"name": "DSA-1705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1705"
},
{
"name": "34484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34484"
},
{
"name": "FEDORA-2009-3064",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00962.html"
},
{
"name": "FEDORA-2009-3069",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00966.html"
},
{
"name": "33548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33548"
},
{
"name": "33227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33227"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "50824",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50824"
},
{
"name": "32925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32925"
},
{
"name": "[oss-security] 20090114 update on CVE-2008-5718",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/13/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=648189",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=648189"
},
{
"name": "DSA-1705",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1705"
},
{
"name": "34484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34484"
},
{
"name": "FEDORA-2009-3064",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00962.html"
},
{
"name": "FEDORA-2009-3069",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00966.html"
},
{
"name": "33548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33548"
},
{
"name": "33227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33227"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "50824",
"refsource": "OSVDB",
"url": "http://osvdb.org/50824"
},
{
"name": "32925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32925"
},
{
"name": "[oss-security] 20090114 update on CVE-2008-5718",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/13/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5718",
"datePublished": "2008-12-26T17:08:00",
"dateReserved": "2008-12-26T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2008-5718\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-12-26T17:30:00.453\",\"lastModified\":\"2009-04-02T04:00:00.000\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.\"},{\"lang\":\"es\",\"value\":\"El demonio papd en Netatalk anterior a la versi\u00f3n 2.0.4-beta2, cuando se utilizan ciertas variables en un comando pipe para el archivo print, permite a los atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres shell en una petici\u00f3n print, como se muestra utilizando un t\u00edtulo creado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":9.3},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.3\",\"matchCriteriaId\":\"AE54A8AE-4A5C-49E3-85E9-6B98E1FA8FE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.4.99-0.20000927:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F2E2712-3A5F-4B85-8002-8CF930BB56D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.4.99-0.20001108:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C9DBE37-D511-4D43-9439-217CA6197209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"883A8C43-5190-420F-9198-11BFFC6FC11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"37D67DDF-BADE-49E2-9C23-D7B7A8852BEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B93E06D-AFF0-430F-A813-81C9CBEFD2E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F7D38B3-8337-4100-AE05-FFE4DD1BBAC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"807D8A23-9754-45F3-960A-61CCCB770D34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37213229-90C4-4DD2-9FC5-050DA20CDA03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"505166C0-054B-4CF0-B578-062BE2CC2F6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60839BFB-D6CC-4C10-8F77-5212B1D7122F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66E6659A-090A-4530-8DD2-DCDDE3B9DC28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539606AD-F238-4B2A-A0C8-E7F966B911CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D48C1E8-7B05-40F9-999E-134051E01BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35C50763-FBB0-4BB3-BD0D-559F77000C98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5970BEF7-6157-4578-84EE-314AA2788A0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18928D5D-D8C0-4AB4-9FF0-0C3319DF42FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18C2C602-7664-4C9B-9AA9-6E5BF9E509B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D7AEEFA-8E33-4C2E-8B2F-902C4E448D0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23DEE4B4-8FB4-48AC-B696-6B6C4A7FCFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D72C34FC-AA36-409D-BBAA-CE2C19293326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9A3E26A-EFF9-4754-A98E-4D972454866C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01BAED79-3A01-4D1D-97A8-0A65DDD85516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF660756-9374-48D0-BF8E-507F20E18631\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F30B40F1-737A-4818-893C-3316A7EAE0F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B39D755E-C924-4135-99F0-645466949F56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B5E3E8B-91BB-404A-B5E6-5E372558DCA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"370406D5-6FAD-4064-AA00-5987D2C8BE06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE9DB24C-BEDC-45F0-811F-41607034C5BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"159AF306-E2C0-4F94-93D3-85409B5D892E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"097B2536-37F4-458F-9298-FE83EE967725\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA9295B1-8C9E-4D74-8786-A3B893BC459D\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/50824\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/33227\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33548\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34484\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=648189\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1705\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/01/13/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/32925\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00962.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00966.html\",\"source\":\"cve@mitre.org\"}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.