*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: centerim

"** DISPUTED ** CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window." NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim."

It's still not good, even though it's user-assisted.

** Affects: centericq (Ubuntu)
   Importance: Undecided
   Status: Invalid

** Affects: centerim (Ubuntu)
   Importance: Undecided
   Assignee: William Grant (fujitsu)
   Status: In Progress

** Affects: centericq (Ubuntu Dapper)
   Importance: Undecided
   Status: New

** Affects: centerim (Ubuntu Dapper)
   Importance: Undecided
   Status: Invalid

** Affects: centericq (Ubuntu Edgy)
   Importance: Undecided
   Status: New

** Affects: centerim (Ubuntu Edgy)
   Importance: Undecided
   Status: Invalid

** Affects: centericq (Ubuntu Feisty)
   Importance: Undecided
   Status: New

** Affects: centerim (Ubuntu Feisty)
   Importance: Undecided
   Status: Invalid

** Affects: centericq (Ubuntu Gutsy)
   Importance: Undecided
   Status: Invalid

** Affects: centerim (Ubuntu Gutsy)
   Importance: Undecided
   Status: New

** Affects: centericq (Ubuntu Hardy)
   Importance: Undecided
   Status: Invalid

** Affects: centerim (Ubuntu Hardy)
   Importance: Undecided
   Assignee: William Grant (fujitsu)
   Status: In Progress

** Affects: centerim (Debian)
   Importance: Unknown
   Status: Unknown

** Visibility changed to: Public

** Bug watch added: Debian Bug tracker #472649
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472649

** Also affects: centerim (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472649
   Importance: Unknown
   Status: Unknown

** Changed in: centerim (Ubuntu Hardy)
   Assignee: (unassigned) => William Grant (fujitsu)
   Status: New => In Progress

** Also affects: centericq (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: centerim (Ubuntu Feisty)
   Status: New => Invalid

** Changed in: centerim (Ubuntu Edgy)
   Status: New => Invalid

** Changed in: centerim (Ubuntu Dapper)
   Status: New => Invalid

** Changed in: centericq (Ubuntu Gutsy)
   Status: New => Invalid

** Changed in: centericq (Ubuntu Hardy)
   Status: New => Invalid

--
[CVE-2008-1467] remote command execution via crafted URL
https://bugs.launchpad.net/bugs/212088