Remstats Remote Command Execution Vulnerability

Bugtraq ID:	12980
Class:	Input Validation Error
CVE:	CVE-2005-0388
Remote:	Yes
Local:	No
Published:	Apr 04 2005 12:00AM
Updated:	Jul 12 2009 11:56AM
Credit:	Jens Steube is credited with the discovery of this issue.
Vulnerable:	Remstats Network Analysis Utility 1.0.13 a Remstats Network Analysis Utility 1.0.12 a Remstats Network Analysis Utility 1.0.11 a Remstats Network Analysis Utility 1.0.10 a Remstats Network Analysis Utility 1.0.9 a Remstats Network Analysis Utility 1.0.8 a Remstats Network Analysis Utility 1.0.7 a Remstats Network Analysis Utility 1.0.6 a Remstats Network Analysis Utility 1.0.5 a Remstats Network Analysis Utility 1.0 a4
Not Vulnerable:

Remstats Remote Command Execution Vulnerability

A remote command execution vulnerability affects Remstats. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality.

An attacker may leverage this issue to execute arbitrary commands with the privileges of the unsuspecting users that activated the affected application.

Remstats Remote Command Execution Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Remstats Remote Command Execution Vulnerability

Solution:
Debian Linux has released an advisory (DSA 704-1) dealing with this issue. Please see the referenced advisory for more information.

Remstats Remote Command Execution Vulnerability

References:

• Remstats Home Page (Remstats)