Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3907

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-3907
Last Modified 19 Aug 2009 01:18:54
Published 04 Sep 2008 01:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3907

Summary

The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL.

Vulnerable Systems

Application

  • Newsbeuter 0.1.1

  • Newsbeuter 0.2

  • Newsbeuter 0.3

  • Newsbeuter 0.4

  • Newsbeuter 0.5

  • Newsbeuter 0.6

  • Newsbeuter 0.7

  • Newsbeuter 0.8

  • Newsbeuter 0.8.1

  • Newsbeuter 0.8.2

  • Newsbeuter 0.9

  • Newsbeuter 0.9.1

  • Newsbeuter 1.0


References

XF - newsbeuter-url-command-execution(44791)

BID - 30964

MLIST - [oss-security] 20080901 CVE id request: newsbeuter

CONFIRM - http://www.newsbeuter.org/downloads/CHANGES

GENTOO - GLSA-200809-12

SECUNIA - 31995

SECUNIA - 31676

CONFIRM - http://newsbeuter.wordpress.com/2008/09/01/newsbeuter-11-released-contains-security-fix-please-upgrade/


Last Updated: 27 May 2016 10:48:20