GForge Unspecified Remote Arbitrary Command Execution Vulnerability
BID:24141
Info
| Bugtraq ID: | 24141 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0246 |
| Remote: | Yes |
| Local: | No |
| Published: | May 24 2007 12:00AM |
| Updated: | May 24 2007 11:11PM |
| Credit: | Bernhard R. Link is credited with the discovery of this vulnerability. |
| Vulnerable: | GForge GForge 4.5.14, GForge GForge 4.5.11, GForge GForge 4.5, GForge GForge 4.0.2, GForge GForge 4.0.1, GForge GForge 4.0, GForge GForge 3.21, GForge GForge 3.3, GForge GForge 3.2, GForge GForge 3.1, Debian Linux 4.0 sparc, Debian Linux 4.0 s/390, Debian Linux 4.0 powerpc, Debian Linux 4.0 mipsel, Debian Linux 4.0 mips, Debian Linux 4.0 m68k, Debian Linux 4.0 ia-64, Debian Linux 4.0 ia-32, Debian Linux 4.0 hppa, Debian Linux 4.0 arm, Debian Linux 4.0 amd64, Debian Linux 4.0 alpha, Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
GForge is prone to a remote command-execution vulnerability because the application fails to sanitize user-supplied data passed through URI parameters.
An attacker can supply arbitrary shell commands through the affected parameter to be run in the context of the affected server.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
Please see the referenced advisories for more information.
The same fixed package is listed for each of the following platforms:
- Debian Linux 4.0 amd64
- Debian Linux 4.0 ia-32
- Debian Linux 4.0 arm
- Debian Linux 4.0 hppa
- Debian Linux 4.0 sparc
- Debian Linux 4.0 s/390
- Debian Linux 4.0 powerpc
- Debian Linux 4.0 alpha
- Debian Linux 4.0 m68k
- Debian Linux 4.0
- Debian Linux 4.0 mipsel
- Debian Linux 4.0 ia-64
- Debian Linux 4.0 mips
Debian gforge-plugin-scmcvs_4.5.14-5etch1_all.deb
http://security.debian.org/pool/updates/main/g/gforge-plugin-scmcvs/gforge-plugin-scmcvs_4.5.14-5etch1_all.deb
References
References:
- GForge Homepage (GForge)