Description
changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.
Affected products
- cameron_morland / changetrack4.3 – 4.3
References
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/09/16/3
- MISChttp://www.securityfocus.com/bid/36420
- VENDOR_ADVISORYhttp://bugs.debian.org/546791
- VENDOR_ADVISORYhttp://secunia.com/advisories/36756