Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-5534
Last Modified: 06 Feb 2014 11:43:30
Published: 03 Dec 2012 04:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-5534

Summary

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."

Vulnerable Systems

Application

  • Flashtux Weechat 0.3.0

  • Flashtux Weechat 0.3.1

  • Flashtux Weechat 0.3.1.1

  • Flashtux Weechat 0.3.2

  • Flashtux Weechat 0.3.3

  • Flashtux Weechat 0.3.4

  • Flashtux Weechat 0.3.6

  • Flashtux Weechat 0.3.7

  • Flashtux Weechat 0.3.8

  • Flashtux Weechat 0.3.9

  • Flashtux Weechat 0.3.9.1


References

CONFIRM - https://savannah.nongnu.org/bugs/?37764

BID - 56584

MLIST - [oss-security] 20121119 Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1]

CONFIRM - http://weechat.org/security/

SECUNIA - 51294

CONFIRM - http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff_plain;h=efb795c74fe954b9544074aafcebb1be4452b03a

SUSE - openSUSE-SU-2012:1580

SUSE - openSUSE-SU-2013:0150

SECUNIA - 51377

FEDORA - FEDORA-2012-18575

FEDORA - FEDORA-2012-18526

FEDORA - FEDORA-2012-18494

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347

MANDRIVA - MDVSA-2013:136


Last Updated: 27 May 2016 11:01:26