Description
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
Affected products
- conectiva / linux4.1 – 4.1
- conectiva / linux4.0 – 4.0
- conectiva / linux4.0es – 4.0es
- conectiva / linux4.2 – 4.2
- conectiva / linux5.0 – 5.0
- FreeBSD / FreeBSD4.2 – 4.2
- FreeBSD / FreeBSD3.5.1 – 3.5.1
- licq / licq1.0.2
- mandrakesoft / mandrake_linux7.1 – 7.1
- mandrakesoft / mandrake_linux7.2 – 7.2
- mandrakesoft / mandrake_linux_corporate_server1.0.1 – 1.0.1
- RedHat / linux7.0 – 7.0
References
- MISChttp://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/6261
- MISChttp://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3
- MISChttp://www.redhat.com/support/errata/RHSA-2001-023.html
- MISChttp://www.osvdb.org/5641
- MISChttp://www.redhat.com/support/errata/RHSA-2001-022.html
- MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389