Veracode Vulnerability DatabaseVERACODE:24767Arbitrary Code Execution
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
system-config-printer is vulnerable to arbitrary code execution. The vulnerability exists as it was found that system-config-printer did not properly sanitize NetBIOS and workgroup names when searching for network printers. A remote attacker could use this flaw to execute arbitrary code with the privileges of the user running system-config-printer.
References
cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3&view=patch
secunia.com/advisories/45744
www.redhat.com/support/errata/RHSA-2011-1196.html
www.securitytracker.com/id?1025967
access.redhat.com/errata/RHSA-2011:1196
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119
bugzilla.redhat.com/show_bug.cgi?id=728348
Related
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P