CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Dan Dennison discovered that Diatheke, a CGI program to make a bible
website, performs insufficient sanitising of a parameter, allowing a
remote attacker to execute arbitrary shell commands as the web server
user.

For the old stable distribution (sarge), this problem has been fixed in
version 1.5.7-7sarge1.

For the stable distribution (etch), this problem has been fixed in version
1.5.9-2etch1.

For the unstable distribution (sid), this problem has been fixed in version
1.5.9-8.

We recommend that you upgrade your diatheke package.