Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3633

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2006-3633
Last Modified 25 Aug 2011 12:00:00
Published 26 Jul 2006 09:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-3633

Summary

OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed.

Vulnerable Systems

Application

  • Ossp Shiela 0.9.0

  • Ossp Shiela 0.9.1

  • Ossp Shiela 0.9.2

  • Ossp Shiela 1.0.0

  • Ossp Shiela 1.0.1

  • Ossp Shiela 1.0.2

  • Ossp Shiela 1.0.3

  • Ossp Shiela 1.0.4

  • Ossp Shiela 1.1.0

  • Ossp Shiela 1.1.1

  • Ossp Shiela 1.1.2

  • Ossp Shiela 1.1.3

  • Ossp Shiela 1.1.4

  • Ossp Shiela 1.1.5


References

XF - ossp-shiela-shell-command-execution(27978)

MISC - http://www.sourcefire.com/services/advisories/sa072506.html

BID - 19199

OPENPKG - OpenPKG-SA-2006.014

SECUNIA - 21209

VUPEN - ADV-2006-2986


Last Updated: 27 May 2016 10:43:05