Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9682

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2014-9682
Last Modified 02 Mar 2015 03:26:09
Published 27 Feb 2015 08:59:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9682

Summary

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

Vulnerable Systems

Application

  • Dns-sync Project Dns-sync 0.1.0


References

CONFIRM - https://github.com/skoranga/node-dns-sync/issues/1

CONFIRM - https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d

MLIST - [oss-security] 20141111 CVE Request - dns-sync node module


Last Updated: 27 May 2016 11:07:57