[Forgot Password]
Login  Register Subscribe

23631

 
 

126998

 
 

102010

 
 

909

 
 

80911

 
 

121

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-16667Date: (C)2017-11-10   (M)2018-02-19


backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score  : 7.8CVSS Score  : 9.3
Exploit Score: 1.8Exploit Score: 8.6
Impact Score : 5.9Impact Score : 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  





Reference:
GLSA-201801-06
https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3
https://github.com/bit-team/backintime/issues/834
https://github.com/bit-team/backintime/releases/tag/v1.1.24

CWE    1
CWE-78
OVAL    3
oval:org.secpod.oval:def:113448
oval:org.secpod.oval:def:113444
oval:org.secpod.oval:def:113642

© 2013 SecPod Technologies