oval:org.mitre.oval:def:13754

Definition Id: oval:org.mitre.oval:def:13754
 
Oval ID: oval:org.mitre.oval:def:13754
Title: DSA-1704-2 netatalk -- arbitrary code execution
Description: The update in DSA 1704-1 was incomplete as it missed to escape a few important characters which enabled an attacker to overwrite arbitrary files. It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This is leading to arbitrary remote code execution. Note that this only affects installations that are configured to use a pipe command in combination with wildcard symbols substituted with values of the printed job. For the stable distribution this problem has been fixed in version 2.0.3-4+etch2. For the unstable distribution this problem has been fixed in version 2.0.4~beta2-1.1. We recommend that you upgrade your netatalk package.
Family: unix Class: patch
Reference(s): DSA-1704-2
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): netatalk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6461
 
Oval ID: oval:org.mitre.oval:def:6461
Title: Debian GNU/Linux 4.0 is installed.
Description: Debian GNU/Linux 4.0 (etch) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:4.0
Version: 9
Platform(s): Debian GNU/Linux 4.0
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13754