Netrik Textarea Tag Remote Arbitrary Command Execution Vulnerability
BID:22158
Info
| Bugtraq ID: | 22158 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-6678 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 22 2007 12:00AM |
| Updated: | Jan 29 2007 11:30PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: | netrik netrik 1.15.4, netrik netrik 1.15.3 |
| Not Vulnerable: | netrik netrik 1.15.5 beta |
Discussion
The 'netrik' program is prone to a vulnerability that allows remote attackers to execute arbitrary shell commands in the context of the webserver application.
This issue affects versions prior to 1.15.5 beta.
Exploit / POC
Attackers can exploit this issue by enticing a victim user to view malicious 'textarea' tags with the affected application.
Solution / Fix
Solution:
The vendor has addressed this issue in version 1.15.5 beta. Please see the reference section for details.
netrik netrik 1.15.3
- Debian netrik_1.15.3-1sarge1_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_alpha.deb
- Debian netrik_1.15.3-1sarge1_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_amd64.deb
- Debian netrik_1.15.3-1sarge1_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_arm.deb
- Debian netrik_1.15.3-1sarge1_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_hppa.deb
- Debian netrik_1.15.3-1sarge1_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_i386.deb
- Debian netrik_1.15.3-1sarge1_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_ia64.deb
- Debian netrik_1.15.3-1sarge1_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_m68k.deb
- Debian netrik_1.15.3-1sarge1_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_mips.deb
- Debian netrik_1.15.3-1sarge1_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_mipsel.deb
- Debian netrik_1.15.3-1sarge1_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_powerpc.deb
- Debian netrik_1.15.3-1sarge1_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_s390.deb
- Debian netrik_1.15.3-1sarge1_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_sparc.deb
netrik netrik 1.15.4
- netrik netrik-1.15.5.tar.gz
  http://downloads.sourceforge.net/netrik/netrik-1.15.5.tar.gz
References
References:
- netrik Web Site (netrik)