Vulnerability CVE-2011-2899


Published: 2011-08-31   Modified: 2012-02-13

Description:
pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Redhat -> System-config-printer

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=728348
https://bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119
http://cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3&view=patch
http://www.securitytracker.com/id?1025967
http://www.redhat.com/support/errata/RHSA-2011-1196.html
http://secunia.com/advisories/45744

Copyright 2024, cxsecurity.com

 
