10

CVE-2011-1018

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LogwatchLogwatch Version7.3.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.32% 0.969
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055579.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055585.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055617.html
http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/logwatch.pl?r1=3&r2=26&pathrev=26
Patch
http://secunia.com/advisories/43356
http://secunia.com/advisories/43495
Vendor Advisory
http://secunia.com/advisories/43622
http://secunia.com/advisories/43644
http://secunia.com/advisories/43734
http://sourceforge.net/mailarchive/forum.php?thread_name=4D604843.7040303%40mblmail.net&forum_name=logwatch-devel
http://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824
Patch
http://www.debian.org/security/2011/dsa-2182
http://www.openwall.com/lists/oss-security/2011/02/24/13
Patch
http://www.openwall.com/lists/oss-security/2011/02/24/15
Patch
http://www.redhat.com/support/errata/RHSA-2011-0324.html
http://www.securityfocus.com/bid/46554
http://www.securitytracker.com/id?1025165
http://www.ubuntu.com/usn/USN-1078-1
http://www.vupen.com/english/advisories/2011/0533
http://www.vupen.com/english/advisories/2011/0581
http://www.vupen.com/english/advisories/2011/0596
https://bugzilla.redhat.com/show_bug.cgi?id=680237
Patch