Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2548
Last Modified 10 Aug 2011 12:00:00
Published 23 May 2006 06:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2548

Summary

Prodder before 0.5 and perlpodder before 0.5 allow remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (the url attribute of an enclosure tag, or the $enc_url variable), which is executed when wget is run.

Vulnerable Systems

Application

  • Perlpodder 0.2

  • Perlpodder 0.3

  • Perlpodder 0.4

  • Prodder 0.3

  • Prodder 0.4


References

BID - 18068

BUGTRAQ - 20060522 Prodder Remote Arbitrary Command Execution

MISC - http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.php

MISC - http://www.redteam-pentesting.de/advisories/rt-sa-2006-002.php

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=418189&group_id=148643

SECUNIA - 20208

XF - perlpodder-dlset-command-execution(26575)

XF - prodder-encurl-command-execution(26568)

VUPEN - ADV-2006-1905

OSVDB - 25690

SREASON - 942

SECUNIA - 20238


Last Updated: 27 May 2016 10:42:40