SWORD Diatheke Script Arbitrary Command Execution Vulnerability
BID:12320
Info
| Bugtraq ID: | 12320 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0015 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 20 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Discovery is credited to Ulf Härnhammar. |
| Vulnerable: | The SWORD Project SWORD 1.5.3 |
| Not Vulnerable: | |
Discussion
The Diatheke script is reported prone to an arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
This issue may allow an attacker to gain unauthorized access to a vulnerable computer by supplying arbitrary commands through unspecified parameters of URI links.
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
Debian has released advisory DSA 650-1 to address this issue. Please see the referenced advisory for more information.
The SWORD Project SWORD 1.5.3
- Debian diatheke_1.5.3-3woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_alpha.deb
- Debian diatheke_1.5.3-3woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_arm.deb
- Debian diatheke_1.5.3-3woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_hppa.deb
- Debian diatheke_1.5.3-3woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_i386.deb
- Debian diatheke_1.5.3-3woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_ia64.deb
- Debian diatheke_1.5.3-3woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_m68k.deb
- Debian diatheke_1.5.3-3woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_mips.deb
- Debian diatheke_1.5.3-3woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_mipsel.deb
- Debian diatheke_1.5.3-3woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_powerpc.deb
- Debian diatheke_1.5.3-3woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_s390.deb
- Debian diatheke_1.5.3-3woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_sparc.deb
- Debian libsword-dev_1.5.3-3woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_alpha.deb
- Debian libsword-dev_1.5.3-3woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_arm.deb
- Debian libsword-dev_1.5.3-3woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_hppa.deb
- Debian libsword-dev_1.5.3-3woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_i386.deb
- Debian libsword-dev_1.5.3-3woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_ia64.deb
- Debian libsword-dev_1.5.3-3woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_m68k.deb
- Debian libsword-dev_1.5.3-3woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_mips.deb
- Debian libsword-dev_1.5.3-3woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_mipsel.deb
- Debian libsword-dev_1.5.3-3woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_powerpc.deb
- Debian libsword-dev_1.5.3-3woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_s390.deb
- Debian libsword-dev_1.5.3-3woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_sparc.deb
- Debian libsword-runtime_1.5.3-3woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_alpha.deb
- Debian libsword-runtime_1.5.3-3woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_arm.deb
- Debian libsword-runtime_1.5.3-3woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_hppa.deb
- Debian libsword-runtime_1.5.3-3woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_i386.deb
- Debian libsword-runtime_1.5.3-3woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_ia64.deb
- Debian libsword-runtime_1.5.3-3woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_m68k.deb
- Debian libsword-runtime_1.5.3-3woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_mips.deb
- Debian libsword-runtime_1.5.3-3woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_mipsel.deb
- Debian libsword-runtime_1.5.3-3woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_powerpc.deb
- Debian libsword-runtime_1.5.3-3woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_s390.deb
- Debian libsword-runtime_1.5.3-3woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_sparc.deb
- Debian libsword1_1.5.3-3woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_alpha.deb
- Debian libsword1_1.5.3-3woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_arm.deb
- Debian libsword1_1.5.3-3woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_hppa.deb
- Debian libsword1_1.5.3-3woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_i386.deb
- Debian libsword1_1.5.3-3woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_ia64.deb
- Debian libsword1_1.5.3-3woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_m68k.deb
- Debian libsword1_1.5.3-3woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_mips.deb
- Debian libsword1_1.5.3-3woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_mipsel.deb
- Debian libsword1_1.5.3-3woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_powerpc.deb
- Debian libsword1_1.5.3-3woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_s390.deb
- Debian libsword1_1.5.3-3woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_sparc.deb
References
References:
- Vendor Homepage (The SWORD Project)