The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 11 | all | netatalk | < 2.0.4~beta2-1 | netatalk_2.0.4~beta2-1_all.deb |
Debian | 10 | all | netatalk | < 2.0.4~beta2-1 | netatalk_2.0.4~beta2-1_all.deb |
Debian | 999 | all | netatalk | < 2.0.4~beta2-1 | netatalk_2.0.4~beta2-1_all.deb |
Debian | 13 | all | netatalk | < 2.0.4~beta2-1 | netatalk_2.0.4~beta2-1_all.deb |