Lucene search

MitreCVE-2008-3285

HistoryJul 24, 2008 - 5:41 p.m.

CVE-2008-3285

2008-07-2417:41:00

CWE-94

mitre

web.nvd.nist.gov

nvd

filesys

smbclientparser

perl

code execution

smb

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.004

Percentile

73.3%

JSON

The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.

Affected configurations

Nvd

Node

alain_barbetfilesys_smbclientparserMatch2.1

alain_barbetfilesys_smbclientparserMatch2.2

alain_barbetfilesys_smbclientparserMatch2.3

alain_barbetfilesys_smbclientparserMatch2.4

alain_barbetfilesys_smbclientparserMatch2.5

alain_barbetfilesys_smbclientparserMatch2.6

alain_barbetfilesys_smbclientparserMatch2.7

VendorProductVersionCPE
alain_barbetfilesys_smbclientparser2.1cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.1:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.2cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.2:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.3cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.3:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.4cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.4:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.5cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.5:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.6cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.6:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.7cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alain_barbet	filesys_smbclientparser	2.1	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.1:::::::*
alain_barbet	filesys_smbclientparser	2.2	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.2:::::::*
alain_barbet	filesys_smbclientparser	2.3	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.3:::::::*
alain_barbet	filesys_smbclientparser	2.4	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.4:::::::*
alain_barbet	filesys_smbclientparser	2.5	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.5:::::::*
alain_barbet	filesys_smbclientparser	2.6	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.6:::::::*
alain_barbet	filesys_smbclientparser	2.7	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.7:::::::*

References

secunia.com/advisories/31175

securityreason.com/securityalert/4027

www.securityfocus.com/archive/1/494536/100/0/threaded

www.securityfocus.com/bid/30290

exchange.xforce.ibmcloud.com/vulnerabilities/43910

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.004

Percentile

73.3%

JSON

Related for CVE-2008-3285