REDHAT-BUG-728348
First published: Thu Aug 04 2011(Updated: )
It was reported [1] that pysmb.py in system-config-printer does not sanitize a host's netbios name or workgroup/domain name. A specially crafted netbios name on the local network could cause pysmb.py to execute arbitrary commands based on the hostname. This was originally reported in Ubuntu against foomatic-gui, and has been patched [2], however the origin of the script in foomatic-gui is in the system-config-printer package. If a remote SMB server on the local network had a crafted hostname and a user ran pysmb.py, it would be possible for shell commands to be executed with the privileges of the user running pysmb.py. The pysmb.py script in Red Hat Enterprise Linux 6 does not use os.popen(). [1] <a href="https://bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119">https://bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119</a> [2] <a href="http://cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3&view=patch">http://cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3&view=patch</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu foomatic-gui | ||
| Red Hat Enterprise Linux | ||
| Red Hat system-config-printer |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2899
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ubuntu
- canonical/ubuntu foomatic-gui
- vendor/red hat
- canonical/red hat enterprise linux
- vendor/system-config-printer
- canonical/red hat system-config-printer