4 matches found
CVE-2017-8799
Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...
CVE-2017-8799
Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...
CVE-2017-8799
Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...
CVE-2017-8799
Summary of CVE-2017-8799 (iRODS) : Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1. An attacker can exploit a virtual iRODS pathname containing a semicolon retrieved by igetwild (a Bash script), causing the portion after the semicolon to execute in the user’s ...