Executive Summary
| Summary | |
|---|---|
| Title | New albatross packages fix arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-942 | First vendor Publication | 2006-01-16 |
| Vendor | Debian | Last vendor Modification | 2006-01-16 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A design error has been discovered in the Albatross web application toolkit that causes user supplied data to be used as part of template execution and hence arbitrary code execution. The old stable distribution (woody) does not contain albatross packages. For the stable distribution (sarge) this problem has been fixed in version 1.20-2. For the unstable distribution (sid) this problem has been fixed in version 1.33-1. We recommend that you upgrade your albatross package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-942 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 6 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 942-1 (albatross) File : nvt/deb_942_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 949-1 (crawl) File : nvt/deb_949_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 22451 | Albatross Template Manipulation Arbitrary Command Execution Albatross contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the application not properly sanitizing user input supplied for execution in a template. This may allow an attacker to insert arbitrary Python code which will be executed by the vulnerable script. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-942.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:34:48 |
|
