Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12431
HistoryApr 26, 2006 - 12:00 a.m.

beagle insecure command line construction

2006-04-2600:00:00
vulners.com
5
JSON

CESA-2006-002 - rev 1

[See all my vulnerabilities at http://scary.beasts.org/security]

beagle insecure command line construction

Programs affected: beagle-0.2.4 and older.
Severity: Command line argument injection to helper applications.
Fixed: beagle-0.2.5
CVE identifier(s): CVE-2006-1865

beagle is an indexing technology that supports lots of different file formats. To support some of these file formats, beagle executes external helper applications. The command lines for these applications were not build securely, allowing an attacker to insert arbitrary command line arguments to the helper applications by co-ercing a victim into downloading a specially named file.

Possible attack vectors here include:

* Inserting a command line argument to one of the helper applications (mplayer, rpm, pdftotext, ssindex, etc.) which abuses a security vulnerability that would not otherwise be accessible.
* Using the fact that some of these helper applications are network enabled (mplayer, rpm) to fetch secondary data to assist the attack.

CESA-2006-002 - rev 1
Chris Evans
[email protected]

Related

prion 1
cve 1
ubuntucve 1
nessus 1
debiancve 1
prion
prion
Design/Logic Flaw
2006-04-21 23:06:00
cve
cve
CVE-2006-1865
2006-04-21 23:06:00
ubuntucve
ubuntucve
CVE-2006-1865
2006-04-21 00:00:00
nessus
nessus
Fedora Core 5 : beagle-0.2.5-1.fc5.1 (2006-440)
2006-04-26 00:00:00
debiancve
debiancve
CVE-2006-1865
2006-04-21 23:06:00
JSON
Related for SECURITYVULNS:DOC:12431
prion1cve1ubuntucve1nessus1debiancve1