Beagle Helper Applications Arbitrary Code Execution Vulnerability
BID:17611
Info
| Bugtraq ID: | 17611 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-1865 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 19 2006 12:00AM |
| Updated: | Apr 28 2006 10:10PM |
| Credit: | Chris Evans discovered this vulnerability. |
| Vulnerable: | S.u.S.E. Linux Professional 10.0 OSS; S.u.S.E. Linux Professional 10.0; S.u.S.E. Linux Professional 9.3 x86_64; S.u.S.E. Linux Professional 9.3; S.u.S.E. Linux Personal 10.0 OSS; S.u.S.E. Linux Personal 9.3 x86_64; S.u.S.E. Linux Personal 9.3; Redhat Fedora Core5; Beagle Beagle 0.2.4 |
| Not Vulnerable: | |
Discussion
Beagle is susceptible to an insecure indexing issue when dealing with helper applications. This can lead to arbitrary code execution.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application.
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
This issue has been addressed in the latest CVS repository for the application.
Please see the references for vendor advisories and more information.
References
References:
- Beagle command line injection (Josh Bressers)
- beagle Web Site (beagle)