CVE-2011-2899

2011-08-3123:55:03

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

77.1%

JSON

pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.

OSVersionArchitecturePackageVersionFilename
Debian12allsystem-config-printer< 1.5.18-1system-config-printer_1.5.18-1_all.deb
Debian11allsystem-config-printer< 1.5.14-1system-config-printer_1.5.14-1_all.deb
Debian999allsystem-config-printer< 1.5.18-3system-config-printer_1.5.18-3_all.deb
Debian13allsystem-config-printer< 1.5.18-3system-config-printer_1.5.18-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	system-config-printer	< 1.5.18-1	system-config-printer_1.5.18-1_all.deb
Debian	11	all	system-config-printer	< 1.5.14-1	system-config-printer_1.5.14-1_all.deb
Debian	999	all	system-config-printer	< 1.5.18-3	system-config-printer_1.5.18-3_all.deb
Debian	13	all	system-config-printer	< 1.5.18-3	system-config-printer_1.5.18-3_all.deb