Confirm Remote Command Execution

2004-02-09T00:00:00
ID OSVDB:3956
Type osvdb
Reporter OSVDB
Modified 2004-02-09T00:00:00

Description

Vulnerability Description

Confirm contains a flaw that allows a remote attacker to execute arbitrary commands. The issue is due to an unspecified flaw in the program. If an attacker sends a specially crafted e-mail to a user running Confirm, they can trigger the script to execute arbitrary commands.

Solution Description

Upgrade to version 0.70 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Confirm contains a flaw that allows a remote attacker to execute arbitrary commands. The issue is due to an unspecified flaw in the program. If an attacker sends a specially crafted e-mail to a user running Confirm, they can trigger the script to execute arbitrary commands.

References:

Vendor URL: http://freshmeat.net/projects/confirm/
Vendor Specific Advisory URL
Secunia Advisory ID: 10966
CVE-2004-0324