Lucene search
Ubuntu.comUB:CVE-2008-3907HistorySep 04, 2008 - 12:00 a.m.
CVE-2008-3907
2008-09-0400:00:00
ubuntu.com
ubuntu.com
10
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.7%
The open-in-browser command in newsbeuter before 1.1 allows remote
attackers to execute arbitrary commands via shell metacharacters in a feed
URL.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | per Debian: versions < 1.0-1 didn’t include a patch to wrap long article URLs so the crafted part of the URL can be hidden. This of course only affects people not reading articles in the built-in reader. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 8.04 | noarch | newsbeuter | < 0.7-1ubuntu0.1 | UNKNOWN |
| ubuntu | 8.10 | noarch | newsbeuter | < 0.9.1-1+lenny3 | UNKNOWN |
Related
nessus
nessus
GLSA-200809-12 : Newsbeuter: User-assisted execution of arbitrary code
2008-09-23 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200809-12 (newsbeuter)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200809-12 (newsbeuter)
2008-09-24 00:00:00
securityvulns
securityvulns
[ GLSA 200809-12 ] Newsbeuter: User-assisted execution of arbitrary code
2008-09-24 00:00:00
newsbeuter shell characters vulnerability
2008-09-24 00:00:00
debiancve
debiancve
CVE-2008-3907
2008-09-04 17:41:00
prion
prion
Open redirect
2008-09-04 17:41:00
cve
cve
CVE-2008-3907
2008-09-04 17:41:00
gentoo
gentoo
Newsbeuter: User-assisted execution of arbitrary code
2008-09-22 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.7%
Related for UB:CVE-2008-3907