Lucene search

[email protected]NVD:CVE-2008-3285

HistoryJul 24, 2008 - 5:41 p.m.

CVE-2008-3285

2008-07-2417:41:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.004

Percentile

73.3%

JSON

The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.

Affected configurations

Nvd

Node

alain_barbetfilesys_smbclientparserMatch2.1

alain_barbetfilesys_smbclientparserMatch2.2

alain_barbetfilesys_smbclientparserMatch2.3

alain_barbetfilesys_smbclientparserMatch2.4

alain_barbetfilesys_smbclientparserMatch2.5

alain_barbetfilesys_smbclientparserMatch2.6

alain_barbetfilesys_smbclientparserMatch2.7

VendorProductVersionCPE
alain_barbetfilesys_smbclientparser2.1cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.1:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.2cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.2:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.3cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.3:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.4cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.4:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.5cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.5:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.6cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.6:*:*:*:*:*:*:*
alain_barbetfilesys_smbclientparser2.7cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alain_barbet	filesys_smbclientparser	2.1	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.1:::::::*
alain_barbet	filesys_smbclientparser	2.2	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.2:::::::*
alain_barbet	filesys_smbclientparser	2.3	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.3:::::::*
alain_barbet	filesys_smbclientparser	2.4	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.4:::::::*
alain_barbet	filesys_smbclientparser	2.5	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.5:::::::*
alain_barbet	filesys_smbclientparser	2.6	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.6:::::::*
alain_barbet	filesys_smbclientparser	2.7	cpe:2.3:a:alain_barbet:filesys_smbclientparser:2.7:::::::*

References

secunia.com/advisories/31175

securityreason.com/securityalert/4027

www.securityfocus.com/archive/1/494536/100/0/threaded

www.securityfocus.com/bid/30290

exchange.xforce.ibmcloud.com/vulnerabilities/43910

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.004

Percentile

73.3%

JSON

Related for NVD:CVE-2008-3285

cve1 prion1 cvelist1 exploitdb1