10
CVE-2012-1166
- EPSS 4.84%
- Veröffentlicht 21.05.2014 14:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ltsp Display Manager Version2.2.4
Canonical ≫ Ltsp Display Manager Version2.2.5
Canonical ≫ Ltsp Display Manager Version2.2.6
Canonical ≫ Ubuntu Linux Version11.04
Canonical ≫ Ubuntu Linux Version11.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.84% | 0.909 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
http://irclogs.ltsp.org/?d=2012-03-12
http://www.ubuntu.com/usn/USN-1398-1
https://bugs.launchpad.net/ubuntu/%2Bsource/ldm/%2Bbug/953340