|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA12778] renattach "pipe" Potential Shell Command Injection Security Issue
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Mon Oct 11 2004 - 09:21:06 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
renattach "pipe" Potential Shell Command Injection Security Issue
SECUNIA ADVISORY ID:
SA12778
VERIFY ADVISORY:
http://secunia.com/advisories/12778/
CRITICAL:
Not critical
IMPACT:
Unknown
WHERE:
From remote
SOFTWARE:
renattach 1.x
http://secunia.com/product/4028/
DESCRIPTION:
A security issue has been reported in renattach, which has an unknown
impact, but potentially could allow execution of arbitrary commands.
The problem is that the pipe functionality is provided in an insecure
way, which potentially can be exploited to inject arbitrary shell
commands.
Successful exploitation requires that the "-p" or "--pipe" command
line option is used.
The security issue has been reported in version 1.2.0 and 1.2.1.
NOTE: According to the vendor, there does not seem to be a practical
way of exploiting the vulnerability for arbitrary command execution.
SOLUTION:
Update to version 1.2.2.
http://www.pc-tools.net/unix/renattach/
PROVIDED AND/OR DISCOVERED BY:
Victor Duchovni
ORIGINAL ADVISORY:
http://www.pc-tools.net/unix/renattach/2004-10-03.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]