CVE-2008-2575

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-2575
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-filen-shell-escaping.patch?rev=1.2 Broken Link Exploit
http://secunia.com/advisories/30417 Broken Link Vendor Advisory
http://secunia.com/advisories/30438 Broken Link Vendor Advisory
http://secunia.com/advisories/30701 Broken Link
http://security.gentoo.org/glsa/glsa-200806-05.xml Third Party Advisory
http://sourceforge.net/forum/forum.php?forum_id=827120 Broken Link Patch
http://sourceforge.net/project/shownotes.php?release_id=601538&group_id=119647 Patch
http://www.jcoppens.com/soft/cbrpager/log.en.php Release Notes
http://www.vupen.com/english/advisories/2008/1693/references Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=448285 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42741 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:jcoppens:cbrpager:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
History

02 Feb 2024, 15:13

Type Values Removed Values Added
CPE cpe:2.3:a:jcoppens:cbrpager:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.14:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.10:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.15:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.16:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:0.9.11:*:*:*:*:*:*:*		 cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:a:jcoppens:cbrpager:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
First Time Fedoraproject
Fedoraproject fedora
CWE CWE-94 CWE-78
References () http://cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-filen-shell-escaping.patch?rev=1.2 - Exploit () http://cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-filen-shell-escaping.patch?rev=1.2 - Broken Link, Exploit
References () http://secunia.com/advisories/30417 - Vendor Advisory () http://secunia.com/advisories/30417 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/30438 - Vendor Advisory () http://secunia.com/advisories/30438 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/30701 - () http://secunia.com/advisories/30701 - Broken Link
References () http://security.gentoo.org/glsa/glsa-200806-05.xml - () http://security.gentoo.org/glsa/glsa-200806-05.xml - Third Party Advisory
References () http://sourceforge.net/forum/forum.php?forum_id=827120 - Patch () http://sourceforge.net/forum/forum.php?forum_id=827120 - Broken Link, Patch
References () http://www.jcoppens.com/soft/cbrpager/log.en.php - () http://www.jcoppens.com/soft/cbrpager/log.en.php - Release Notes
References () http://www.vupen.com/english/advisories/2008/1693/references - () http://www.vupen.com/english/advisories/2008/1693/references - Broken Link
References () https://bugzilla.redhat.com/show_bug.cgi?id=448285 - () https://bugzilla.redhat.com/show_bug.cgi?id=448285 - Issue Tracking, Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/42741 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/42741 - Third Party Advisory, VDB Entry
Information

Published : 2008-06-06 22:32

Updated : 2024-02-02 15:13

NVD link : CVE-2008-2575

Mitre link : CVE-2008-2575

CVE.ORG link : CVE-2008-2575

JSON object : View

Products Affected

jcoppens

  • cbrpager

fedoraproject

  • fedora
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')