First published: Mon Aug 01 2016(Updated: )
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.
Credit: meissner@suse.de
Affected Software | Affected Version | How to fix |
---|---|---|
Novell Filr | <=1.2 | |
Novell Filr | <=2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-1608 has a medium severity rating due to its potential for remote code execution by authenticated users.
To fix CVE-2016-1608, upgrade to Novell Filr version 1.2 Security Update 3 or 2.0 Security Update 2.
CVE-2016-1608 affects users of Novell Filr versions prior to 1.2 Security Update 3 and 2.0 Security Update 2.
CVE-2016-1608 is classified as a command injection vulnerability.
Yes, CVE-2016-1608 can be exploited remotely by authenticated users.