logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary
commands via shell metacharacters in a log file name, as demonstrated via a
crafted username to a Samba server.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | logwatch | <Â 7.1-2ubuntu0.1 | UNKNOWN |
ubuntu | 8.04 | noarch | logwatch | <Â 7.3.6-1ubuntu1.1 | UNKNOWN |
ubuntu | 9.10 | noarch | logwatch | <Â 7.3.6.cvs20090906-1ubuntu1.1 | UNKNOWN |
ubuntu | 10.04 | noarch | logwatch | <Â 7.3.6.cvs20090906-1ubuntu2.1 | UNKNOWN |
ubuntu | 10.10 | noarch | logwatch | <Â 7.3.6.cvs20090906-1ubuntu3.1 | UNKNOWN |