Lucene search
PRIOn knowledge basePRION:CVE-2017-16667HistoryNov 08, 2017 - 6:29 p.m.
Input validation
2017-11-0818:29:00
PRIOn knowledge base
www.prio-n.com
3
backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.
| CPE | Name | Operator | Version |
|---|---|---|---|
| backintime | lt | 1.1.24 |
Related
nessus
nessus
GLSA-201801-06 : Back In Time: Command injection
2018-01-08 00:00:00
Fedora 27 : backintime (2017-898a922aff)
2018-01-15 00:00:00
Fedora 26 : backintime (2017-ebee750022)
2017-11-20 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: backintime-1.1.24-1.fc25
2017-11-20 17:59:40
[SECURITY] Fedora 27 Update: backintime-1.1.24-1.fc27
2017-11-20 01:04:14
[SECURITY] Fedora 26 Update: backintime-1.1.24-1.fc26
2017-11-19 23:18:04
osv
osv
CVE-2017-16667
2017-11-08 18:29:00
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0059)
2022-01-28 00:00:00
Fedora Update for backintime FEDORA-2017-898a922aff
2017-11-23 00:00:00
Fedora Update for backintime FEDORA-2017-ebee750022
2017-11-23 00:00:00
debiancve
debiancve
CVE-2017-16667
2017-11-08 18:29:00
cvelist
cvelist
CVE-2017-16667
2017-11-08 18:00:00
nvd
nvd
CVE-2017-16667
2017-11-08 18:29:00
ubuntucve
ubuntucve
CVE-2017-16667
2017-11-08 00:00:00
mageia
mageia
Updated backintime packages fix security vulnerability
2018-01-04 19:48:42
cve
cve
CVE-2017-16667
2017-11-08 18:29:00
gentoo
gentoo
Back In Time: Command injection
2018-01-07 00:00:00