[Bug 212088] [NEW] [CVE-2008-1467] remote command execution via crafted URL

Fri, 04 Apr 2008 23:00:34 -0700 

*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: centerim

"** DISPUTED ** CenterIM 4.22.3 and earlier allows user-assisted remote
attackers to execute arbitrary commands via shell metacharacters in a
URI, related to "received URLs in the message window." NOTE: this issue
has been disputed due to the user-assisted nature, since the URL must be
selected and launched by the victim."

It's still not good, even though it's user-assisted.

** Affects: centericq (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Affects: centerim (Ubuntu)
     Importance: Undecided
     Assignee: William Grant (fujitsu)
         Status: In Progress

** Affects: centericq (Ubuntu Dapper)
     Importance: Undecided
         Status: New

** Affects: centerim (Ubuntu Dapper)
     Importance: Undecided
         Status: Invalid

** Affects: centericq (Ubuntu Edgy)
     Importance: Undecided
         Status: New

** Affects: centerim (Ubuntu Edgy)
     Importance: Undecided
         Status: Invalid

** Affects: centericq (Ubuntu Feisty)
     Importance: Undecided
         Status: New

** Affects: centerim (Ubuntu Feisty)
     Importance: Undecided
         Status: Invalid

** Affects: centericq (Ubuntu Gutsy)
     Importance: Undecided
         Status: Invalid

** Affects: centerim (Ubuntu Gutsy)
     Importance: Undecided
         Status: New

** Affects: centericq (Ubuntu Hardy)
     Importance: Undecided
         Status: Invalid

** Affects: centerim (Ubuntu Hardy)
     Importance: Undecided
     Assignee: William Grant (fujitsu)
         Status: In Progress

** Affects: centerim (Debian)
     Importance: Unknown
         Status: Unknown

** Visibility changed to: Public

** Bug watch added: Debian Bug tracker #472649
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472649

** Also affects: centerim (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472649
   Importance: Unknown
       Status: Unknown

** Changed in: centerim (Ubuntu Hardy)
     Assignee: (unassigned) => William Grant (fujitsu)
       Status: New => In Progress

** Also affects: centericq (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: centerim (Ubuntu Feisty)
       Status: New => Invalid

** Changed in: centerim (Ubuntu Edgy)
       Status: New => Invalid

** Changed in: centerim (Ubuntu Dapper)
       Status: New => Invalid

** Changed in: centericq (Ubuntu Gutsy)
       Status: New => Invalid

** Changed in: centericq (Ubuntu Hardy)
       Status: New => Invalid

-- 
[CVE-2008-1467] remote command execution via crafted URL
https://bugs.launchpad.net/bugs/212088
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to