Lucene search

GoogleOSV:DSA-1251-1

HistoryJan 21, 2007 - 12:00 a.m.

netrik

2007-01-2100:00:00

Google

osv.dev

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

It has been discovered that netrik, a text mode WWW browser with vi like
keybindings, doesn’t properly sanitize temporary filenames when editing
textareas which could allow attackers to execute arbitrary commands via
shell metacharacters.

For the stable distribution (sarge), this problem has been fixed in version
1.15.4-1sarge1.

For the upcoming stable distribution (etch) this problem has been fixed in
version 1.15.3-1.1.

For the unstable distribution (sid) this problem has been fixed in version
1.15.3-1.1.

We recommend that you upgrade your netrik package.

CPENameOperatorVersion
netrikeq1.15.3-1

CPE	Name	Operator	Version
	netrik	eq	1.15.3-1

References

www.debian.org/security/2007/dsa-1251

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for OSV:DSA-1251-1