CVE-2011-1018

Date: (C)2011-02-25   (M)2023-12-22


logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1025165
SECUNIA-43356
SECUNIA-43495
SECUNIA-43622
SECUNIA-43644
SECUNIA-43734
BID-46554
ADV-2011-0533
ADV-2011-0581
ADV-2011-0596
DSA-2182
FEDORA-2011-2318
FEDORA-2011-2328
FEDORA-2011-2396
RHSA-2011:0324
SUSE-SR:2011:005
USN-1078-1
http://sourceforge.net/mailarchive/forum.php?thread_name=4D604843.7040303%40mblmail.net&forum_name=logwatch-devel
http://www.openwall.com/lists/oss-security/2011/02/24/13
http://www.openwall.com/lists/oss-security/2011/02/24/15
http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/logwatch.pl?r1=3&r2=26&pathrev=26
http://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824
https://bugzilla.redhat.com/show_bug.cgi?id=680237

CWE    1
CWE-20
OVAL    8
oval:org.secpod.oval:def:500242
oval:org.secpod.oval:def:103182
oval:org.secpod.oval:def:101282
oval:org.secpod.oval:def:101281
...

© SecPod Technologies