Afuse 'afuse.c' Shell Command Injection Vulnerability
BID:30245
Info
Afuse 'afuse.c' Shell Command Injection Vulnerability
| Bugtraq ID: | 30245 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2008-2232 |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 16 2008 12:00AM |
| Updated: | Apr 13 2015 09:17PM |
| Credit: | Anders Kaseorg |
| Vulnerable: |
Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Afuse Afuse 0.2-2 |
| Not Vulnerable: |
Afuse Afuse 0.2-3 |
Discussion
Afuse 'afuse.c' Shell Command Injection Vulnerability
Afuse is prone to a command-injection vulnerability.
Attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the affected application.
Afuse 2.0-2 is vulnerable; prior versions may also be affected.
Afuse is prone to a command-injection vulnerability.
Attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the affected application.
Afuse 2.0-2 is vulnerable; prior versions may also be affected.
Exploit / POC
Afuse 'afuse.c' Shell Command Injection Vulnerability
Attackers can use standard commands to exploit this issue.
Attackers can use standard commands to exploit this issue.
Solution / Fix
Afuse 'afuse.c' Shell Command Injection Vulnerability
Solution:
The vendor has fixed this issue in Afuse 0.2-3. Please see the references for more information.
Solution:
The vendor has fixed this issue in Afuse 0.2-3. Please see the references for more information.
References
Afuse 'afuse.c' Shell Command Injection Vulnerability
References:
References: