Executive Summary



This alert is flagged as a TOP 25 Common Weakness Enumeration entry from CWE/SANS.
Information

Name : CVE-2008-2575
First vendor Publication : 2008-06-06
Vendor : Cve
Last vendor Modification : 2017-08-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Cvss Impact Score : 6.4
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Security Protection

Impacts
Provides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2575

CAPEC : Common Attack Pattern Enumeration & Classification

id : Name
CAPEC-6 : Argument Injection
CAPEC-15 : Command Delimiters
CAPEC-43 : Exploiting Multiple Input Interpretation Layers
CAPEC-88 : OS Command Injection
CAPEC-108 : Command Line Execution through SQL Injection

CWE : Common Weakness Enumeration

% : id : Name
100 % : CWE-94 : Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application15

OpenVAS Exploits

Date : 2008-09-24
Name : Gentoo Security Advisory GLSA 200806-05 (cbrpager)
File : nvt/glsa_200806_05.nasl

Open Source Vulnerability Database (OSVDB)

id : Description
45685 : cbrPager system() Function Archive Handling Arbitrary Remote Command Execution

Nessus® Vulnerability Scanner

Date : 2008-06-18
Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200806-05.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source : Url
CONFIRM : http://cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-file...
CONFIRM : http://sourceforge.net/forum/forum.php?forum_id=827120
CONFIRM : http://sourceforge.net/project/shownotes.php?release_id=601538&group_id=1...
CONFIRM : http://www.jcoppens.com/soft/cbrpager/log.en.php
CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=448285
GENTOO : http://security.gentoo.org/glsa/glsa-200806-05.xml
VUPEN : http://www.vupen.com/english/advisories/2008/1693/references
XF : https://exchange.xforce.ibmcloud.com/vulnerabilities/42741

Alert History

Date : Information
2017-08-08 09:24:08
  • Multiple Updates
2016-04-26 17:30:37
  • Multiple Updates
2014-02-17 10:45:16
  • Multiple Updates
2013-05-11 00:18:48
  • Multiple Updates