CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
77.1%
pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | system-config-printer | 0.7.32.6 | cpe:2.3:a:redhat:system-config-printer:0.7.32.6:*:*:*:*:*:*:* |
redhat | system-config-printer | 0.7.32.7 | cpe:2.3:a:redhat:system-config-printer:0.7.32.7:*:*:*:*:*:*:* |
redhat | system-config-printer | 0.7.32.8 | cpe:2.3:a:redhat:system-config-printer:0.7.32.8:*:*:*:*:*:*:* |
redhat | system-config-printer | 0.7.32.9 | cpe:2.3:a:redhat:system-config-printer:0.7.32.9:*:*:*:*:*:*:* |
redhat | system-config-printer | 0.7.32.10 | cpe:2.3:a:redhat:system-config-printer:0.7.32.10:*:*:*:*:*:*:* |
redhat | system-config-printer | 0.7.60 | cpe:2.3:a:redhat:system-config-printer:0.7.60:*:*:*:*:*:*:* |
redhat | system-config-printer | 0.7.61 | cpe:2.3:a:redhat:system-config-printer:0.7.61:*:*:*:*:*:*:* |
redhat | system-config-printer | 0.7.62 | cpe:2.3:a:redhat:system-config-printer:0.7.62:*:*:*:*:*:*:* |
redhat | system-config-printer | 0.7.63 | cpe:2.3:a:redhat:system-config-printer:0.7.63:*:*:*:*:*:*:* |
redhat | system-config-printer | 0.7.63.1 | cpe:2.3:a:redhat:system-config-printer:0.7.63.1:*:*:*:*:*:*:* |
cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3&view=patch
secunia.com/advisories/45744
www.redhat.com/support/errata/RHSA-2011-1196.html
www.securitytracker.com/id?1025967
bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119
bugzilla.redhat.com/show_bug.cgi?id=728348