netrik shell characters problems
Published:		21.01.2007
Source:		BUGTRAQ
SecurityVulns ID:		7079
Type:		client
Level:		5/10
Description:		Shell characters problem on temporary files creation.

Affected:		NETRIK : netrik 1.15
CVE:		CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.)

Original document

DEBIAN, [Full-disclosure] [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution (21.01.2007)

Discuss:

Read or add your comments to this news (0 comments)