XV Image File Name Remote Command Execution Vulnerability
BID:13247
Info
| Bugtraq ID: | 13247 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2005 12:00AM |
| Updated: | Apr 19 2005 12:00AM |
| Credit: | Tavis Ormandy is credited with the discovery of these issues. |
| Vulnerable: | John Bradley XV 3.10 a |
| Not Vulnerable: | |
Discussion
A remote, client-side command execution vulnerability affects xv. This issue is due to a failure of the application to properly sanitize input prior to using it to carry out critical functions.
An attacker may leverage this issue to execute arbitrary commands with the privileges of an unsuspecting user.
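The following is an added example, not code from xv or from this advisory. It assumes the unsanitized input is the image file name reaching a shell command line, and shows the alternative in which a helper program is started without a shell so the name arrives as one literal argument. The function name `run_helper_noshell`, the stand-in helper `printf` and the sample file name are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Weak pattern (assumed for illustration, not taken from xv's source):
 *   snprintf(cmd, sizeof cmd, "%s %s", helper, fname); system(cmd);
 * /bin/sh then parses fname, so characters such as space, ';', '&' or '$'
 * in the name change what is executed.
 *
 * Hardened pattern: fork + execvp, no shell. fname is exactly one argv
 * element. The helper's stdout is captured into out (NUL-terminated).
 * Returns the helper's exit status, 127 if it could not be started,
 * or -1 on error. */
int run_helper_noshell(const char *helper, const char *opt, const char *fname,
                       char *out, size_t n)
{
    int fds[2];
    if (n == 0 || pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        char *const argv[] = { (char *)helper, (char *)opt, (char *)fname, NULL };
        execvp(helper, argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    size_t used = 0;
    ssize_t r;
    while (used < n - 1 && (r = read(fds[0], out + used, n - 1 - used)) > 0)
        used += (size_t)r;
    out[used] = '\0';
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *name = "scan (1); draft & final.gif";   /* constructed sample */
    char buf[256];
    int rc = run_helper_noshell("printf", "%s", name, buf, sizeof buf);
    printf("rc=%d verbatim=%s\n", rc, strcmp(buf, name) == 0 ? "yes" : "no");
    return 0;
}
```

With a real helper, place `--` before the file name where the helper supports it, so a name beginning with `-` is not read as an option.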
Exploit / POC
No exploit is required to leverage this issue.
Solution / Fix
Solution:
Gentoo Linux has released advisory GLSA 200504-17 dealing with this and other issues. Gentoo advises that all XV users should upgrade to the latest version by executing the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r11"
For more information, please see the referenced Gentoo Linux advisory.