Lucene search

MitreCVE-2012-4245

HistoryAug 31, 2012 - 6:55 p.m.

CVE-2012-4245

2012-08-3118:55:05

CWE-862

mitre

web.nvd.nist.gov

gimp 2.6

scriptfu

network server

remote code execution

python-fu-eval

cve-2012-4245

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.012

Percentile

85.0%

JSON

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.

Affected configurations

Nvd

Node

gimpgimpRange2.6.0–2.6.13

VendorProductVersionCPE
gimpgimp*cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gimp	gimp	*	cpe:2.3:a:gimp:gimp::::::::

References

archives.neohapsis.com/archives/bugtraq/2012-08/0106.html

www.openwall.com/lists/oss-security/2012/08/16/6

www.openwall.com/lists/oss-security/2012/08/17/2

www.openwall.com/lists/oss-security/2012/08/20/1

www.reactionpenetrationtesting.co.uk/GIMP-scriptfu-python-command-execution.html

www.securityfocus.com/bid/55089

www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

security.gentoo.org/glsa/201603-01

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.012

Percentile

85.0%

JSON

Related for CVE-2012-4245