CVE-2011-2899

critical

Description

pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.
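The following is an added example, not code from pysmb.py or from the upstream patch. It shows the flaw class described above beside a hardened form: names announced by an SMB server are treated as untrusted, checked against an allowlist, and passed as an argument vector with no shell involved. It assumes the printer search invokes smbclient; the function names, the allowlist and the sample names are constructed for illustration.

```python
import re
import subprocess

# NetBIOS names are at most 15 characters. This allowlist is an assumption and
# is deliberately stricter than the protocol: letters, digits, '.', '_', '-'.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,14}")


def is_safe_name(name):
    """True only if the whole string matches the allowlist."""
    return isinstance(name, str) and _NAME_RE.fullmatch(name) is not None


def unsafe_command(host, workgroup):
    """Flawed pattern: server-supplied names pasted into a shell command string."""
    return "smbclient -N -L //%s -W %s" % (host, workgroup)


def safe_argv(host, workgroup):
    """Validate both names, then build an argument vector (no shell parsing)."""
    for label, value in (("NetBIOS name", host), ("workgroup", workgroup)):
        if not is_safe_name(value):
            raise ValueError("rejected %s from network: %r" % (label, value))
    return ["smbclient", "-N", "-L", "//" + host, "-W", workgroup]


def list_shares(host, workgroup, timeout=10):
    """Run the lookup with shell=False so metacharacters are never interpreted."""
    return subprocess.run(safe_argv(host, workgroup), shell=False,
                          capture_output=True, text=True, timeout=timeout)


# Constructed sample browse results, as an untrusted server might announce them.
SAMPLE_NAMES = [("PRINTSRV01", "WORKGROUP"), ("HOST;id", "WORKGROUP"),
                ("HOST", "WG$(id)"), ("HOST", "-x")]


def triage(names):
    """Split announced (host, workgroup) pairs into accepted and rejected."""
    accepted, rejected = [], []
    for host, wg in names:
        ok = is_safe_name(host) and is_safe_name(wg)
        (accepted if ok else rejected).append((host, wg))
    return accepted, rejected
```

Rejected pairs are worth logging, since a browse result carrying shell metacharacters or a leading dash in a name field is a useful detection signal in its own right.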

References

https://bugzilla.redhat.com/show_bug.cgi?id=728348

https://bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119

http://www.securitytracker.com/id?1025967

http://www.redhat.com/support/errata/RHSA-2011-1196.html

http://secunia.com/advisories/45744

http://cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3&view=patch

Details

Source: Mitre, NVD

Published: 2011-08-31

Updated: 2012-06-15

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical