Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2012-4245
Last Modified 29 May 2013 11:17:51
Published 31 Aug 2012 02:55:05
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4245

Summary

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.

Vulnerable Systems

Application

  • Gimp 2.6.0
  • Gimp 2.6.1
  • Gimp 2.6.2
  • Gimp 2.6.3
  • Gimp 2.6.4
  • Gimp 2.6.5
  • Gimp 2.6.6
  • Gimp 2.6.7
  • Gimp 2.6.8
  • Gimp 2.6.9
  • Gimp 2.6.10
  • Gimp 2.6.11
  • Gimp 2.6.12
  • Gimp 2.6.13

References

BID - 55089

MISC - http://www.reactionpenetrationtesting.co.uk/GIMP-scriptfu-python-command-execution.html

MLIST - [oss-security] 20120820 RE: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution

MLIST - [oss-security] 20120817 Re: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution

MLIST - [oss-security] 20120816 GIMP Scriptfu Python Remote Command Execution

BUGTRAQ - 20120816 GIMP Scriptfu Python Remote Command Execution

CONFIRM - http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Related Patches

SUN122212-46 Solaris 10 SPARC: GNOME 2.6.0: GNOME Desktop Patch (Rev 3)

Last Updated: 27 May 2016 11:00:26