cve-2008-5718
Vulnerability from cvelistv5
Published
2008-12-26 17:08
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:04:44.559Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=648189" }, { "name": "DSA-1705", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1705" }, { "name": "34484", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34484" }, { "name": "FEDORA-2009-3064", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00962.html" }, { "name": "FEDORA-2009-3069", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00966.html" }, { "name": "33548", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33548" }, { "name": "33227", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33227" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "50824", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/50824" }, { "name": "32925", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32925" }, { "name": "[oss-security] 20090114 update on CVE-2008-5718", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/01/13/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-01-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=648189" }, { "name": "DSA-1705", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1705" }, { "name": "34484", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34484" }, { "name": "FEDORA-2009-3064", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00962.html" }, { "name": "FEDORA-2009-3069", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00966.html" }, { "name": "33548", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33548" }, { "name": "33227", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33227" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "50824", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/50824" }, { "name": "32925", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32925" }, { "name": "[oss-security] 20090114 update on CVE-2008-5718", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/01/13/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5718", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/project/shownotes.php?release_id=648189", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=648189" }, { "name": "DSA-1705", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1705" }, { "name": "34484", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34484" }, { "name": "FEDORA-2009-3064", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00962.html" }, { "name": "FEDORA-2009-3069", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00966.html" }, { "name": "33548", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33548" }, { "name": "33227", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33227" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "50824", "refsource": "OSVDB", "url": "http://osvdb.org/50824" }, { "name": "32925", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32925" }, { "name": "[oss-security] 20090114 update on CVE-2008-5718", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/01/13/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5718", "datePublished": "2008-12-26T17:08:00", "dateReserved": "2008-12-26T00:00:00", "dateUpdated": "2024-08-07T11:04:44.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2008-5718\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-12-26T17:30:00.453\",\"lastModified\":\"2009-04-02T04:00:00.000\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.\"},{\"lang\":\"es\",\"value\":\"El demonio papd en Netatalk anterior a la versi\u00f3n 2.0.4-beta2, cuando se utilizan ciertas variables en un comando pipe para el archivo print, permite a los atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres shell en una petici\u00f3n print, como se muestra utilizando un t\u00edtulo creado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":9.3},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.3\",\"matchCriteriaId\":\"AE54A8AE-4A5C-49E3-85E9-6B98E1FA8FE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.4.99-0.20000927:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F2E2712-3A5F-4B85-8002-8CF930BB56D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.4.99-0.20001108:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C9DBE37-D511-4D43-9439-217CA6197209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"883A8C43-5190-420F-9198-11BFFC6FC11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"37D67DDF-BADE-49E2-9C23-D7B7A8852BEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B93E06D-AFF0-430F-A813-81C9CBEFD2E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F7D38B3-8337-4100-AE05-FFE4DD1BBAC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"807D8A23-9754-45F3-960A-61CCCB770D34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37213229-90C4-4DD2-9FC5-050DA20CDA03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"505166C0-054B-4CF0-B578-062BE2CC2F6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60839BFB-D6CC-4C10-8F77-5212B1D7122F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66E6659A-090A-4530-8DD2-DCDDE3B9DC28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539606AD-F238-4B2A-A0C8-E7F966B911CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D48C1E8-7B05-40F9-999E-134051E01BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35C50763-FBB0-4BB3-BD0D-559F77000C98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5970BEF7-6157-4578-84EE-314AA2788A0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.5pre8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18928D5D-D8C0-4AB4-9FF0-0C3319DF42FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18C2C602-7664-4C9B-9AA9-6E5BF9E509B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D7AEEFA-8E33-4C2E-8B2F-902C4E448D0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23DEE4B4-8FB4-48AC-B696-6B6C4A7FCFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D72C34FC-AA36-409D-BBAA-CE2C19293326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9A3E26A-EFF9-4754-A98E-4D972454866C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:1.6.4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01BAED79-3A01-4D1D-97A8-0A65DDD85516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF660756-9374-48D0-BF8E-507F20E18631\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F30B40F1-737A-4818-893C-3316A7EAE0F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B39D755E-C924-4135-99F0-645466949F56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B5E3E8B-91BB-404A-B5E6-5E372558DCA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"370406D5-6FAD-4064-AA00-5987D2C8BE06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE9DB24C-BEDC-45F0-811F-41607034C5BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"159AF306-E2C0-4F94-93D3-85409B5D892E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"097B2536-37F4-458F-9298-FE83EE967725\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA9295B1-8C9E-4D74-8786-A3B893BC459D\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/50824\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/33227\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33548\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34484\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=648189\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1705\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/01/13/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/32925\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00962.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00966.html\",\"source\":\"cve@mitre.org\"}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.