CVE-2011-2899

Current Description

pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.

Basic Data

Published: August 31, 2011
Last Modified: June 15, 2012
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: HIGH
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.1
Severity: MEDIUM
Exploitability Score: 4.9
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
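    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Redhat | System-config-printer | 0.7.32.6 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.32.7 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.32.8 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.32.9 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.32.10 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.60 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.61 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.62 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.63 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.63.1 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.63.2 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.63.3 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.63.4 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.64 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.65 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.66 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.67 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.68 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.69 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.70 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.71 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.72 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.73 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.1 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.2 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.3 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.4 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.5 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.6 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.7 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.8 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.9 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.10 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.11 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.12 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.74.13 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.75 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.76 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.77 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.78 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.79 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.80 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.81 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.82 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.82.1 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.82.2 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.82.3 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.82.4 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | System-config-printer | 0.7.82.5 | * | * | * | * | * | * | *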
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRedhatSystem-config-printer0.6.0*******
    2.3ApplicationRedhatSystem-config-printer0.6.1*******
    2.3ApplicationRedhatSystem-config-printer0.6.2*******
    2.3ApplicationRedhatSystem-config-printer0.6.3*******
    2.3ApplicationRedhatSystem-config-printer0.6.4*******
    2.3ApplicationRedhatSystem-config-printer0.6.5*******
    2.3ApplicationRedhatSystem-config-printer0.6.6*******
    2.3ApplicationRedhatSystem-config-printer0.6.7*******
    2.3ApplicationRedhatSystem-config-printer0.6.8*******
    2.3ApplicationRedhatSystem-config-printer0.6.9*******
    2.3ApplicationRedhatSystem-config-printer0.6.10*******
    2.3ApplicationRedhatSystem-config-printer0.6.11*******
    2.3ApplicationRedhatSystem-config-printer0.6.12*******
    2.3ApplicationRedhatSystem-config-printer0.6.13*******
    2.3ApplicationRedhatSystem-config-printer0.6.14*******
    2.3ApplicationRedhatSystem-config-printer0.6.15*******
    2.3ApplicationRedhatSystem-config-printer0.6.16*******
    2.3ApplicationRedhatSystem-config-printer0.6.17*******
    2.3ApplicationRedhatSystem-config-printer0.6.18*******
    2.3ApplicationRedhatSystem-config-printer0.6.19*******
    2.3ApplicationRedhatSystem-config-printer0.6.20*******
    2.3ApplicationRedhatSystem-config-printer0.6.21*******
    2.3ApplicationRedhatSystem-config-printer0.6.22*******
    2.3ApplicationRedhatSystem-config-printer0.6.23*******
    2.3ApplicationRedhatSystem-config-printer0.6.24*******
    2.3ApplicationRedhatSystem-config-printer0.6.25*******
    2.3ApplicationRedhatSystem-config-printer0.6.26*******
    2.3ApplicationRedhatSystem-config-printer0.6.27*******
    2.3ApplicationRedhatSystem-config-printer0.6.28*******
    2.3ApplicationRedhatSystem-config-printer0.6.29*******
    2.3ApplicationRedhatSystem-config-printer0.6.30*******
    2.3ApplicationRedhatSystem-config-printer0.6.31*******
    2.3ApplicationRedhatSystem-config-printer0.6.32*******
    2.3ApplicationRedhatSystem-config-printer0.6.33*******
    2.3ApplicationRedhatSystem-config-printer0.6.34*******
    2.3ApplicationRedhatSystem-config-printer0.6.35*******
    2.3ApplicationRedhatSystem-config-printer0.6.36*******
    2.3ApplicationRedhatSystem-config-printer0.6.37*******
    2.3ApplicationRedhatSystem-config-printer0.6.38*******
    2.3ApplicationRedhatSystem-config-printer0.6.39*******
    2.3ApplicationRedhatSystem-config-printer0.6.40*******
    2.3ApplicationRedhatSystem-config-printer0.6.41*******
    2.3ApplicationRedhatSystem-config-printer0.6.42*******
    2.3ApplicationRedhatSystem-config-printer0.6.43*******
    2.3ApplicationRedhatSystem-config-printer0.6.44*******
    2.3ApplicationRedhatSystem-config-printer0.6.45*******
    2.3ApplicationRedhatSystem-config-printer0.6.46*******
    2.3ApplicationRedhatSystem-config-printer0.6.47*******
    2.3ApplicationRedhatSystem-config-printer0.6.48*******
    2.3ApplicationRedhatSystem-config-printer0.6.49*******
    2.3ApplicationRedhatSystem-config-printer0.6.50*******
    2.3ApplicationRedhatSystem-config-printer0.6.51*******
    2.3ApplicationRedhatSystem-config-printer0.6.52*******
    2.3ApplicationRedhatSystem-config-printer0.6.53*******
    2.3ApplicationRedhatSystem-config-printer0.6.54*******
    2.3ApplicationRedhatSystem-config-printer0.6.55*******
    2.3ApplicationRedhatSystem-config-printer0.6.56*******
    2.3ApplicationRedhatSystem-config-printer0.6.57*******
    2.3ApplicationRedhatSystem-config-printer0.6.58*******
    2.3ApplicationRedhatSystem-config-printer0.6.59*******
    2.3ApplicationRedhatSystem-config-printer0.6.60*******
    2.3ApplicationRedhatSystem-config-printer0.6.61*******
    2.3ApplicationRedhatSystem-config-printer0.6.62*******
    2.3ApplicationRedhatSystem-config-printer0.6.63*******
    2.3ApplicationRedhatSystem-config-printer0.6.64*******
    2.3ApplicationRedhatSystem-config-printer0.6.65*******
    2.3ApplicationRedhatSystem-config-printer0.6.66*******
    2.3ApplicationRedhatSystem-config-printer0.6.67*******
    2.3ApplicationRedhatSystem-config-printer0.6.68*******
    2.3ApplicationRedhatSystem-config-printer0.6.69*******
    2.3ApplicationRedhatSystem-config-printer0.6.70*******
    2.3ApplicationRedhatSystem-config-printer0.6.71*******
    2.3ApplicationRedhatSystem-config-printer0.6.72*******
    2.3ApplicationRedhatSystem-config-printer0.6.73*******
    2.3ApplicationRedhatSystem-config-printer0.6.74*******
    2.3ApplicationRedhatSystem-config-printer0.6.75*******
    2.3ApplicationRedhatSystem-config-printer0.6.76*******
    2.3ApplicationRedhatSystem-config-printer0.6.77*******
    2.3ApplicationRedhatSystem-config-printer0.6.78*******
    2.3ApplicationRedhatSystem-config-printer0.6.79*******
    2.3ApplicationRedhatSystem-config-printer0.6.80*******
    2.3ApplicationRedhatSystem-config-printer0.6.81*******
    2.3ApplicationRedhatSystem-config-printer0.6.82*******
    2.3ApplicationRedhatSystem-config-printer0.6.83*******
    2.3ApplicationRedhatSystem-config-printer0.6.84*******
    2.3ApplicationRedhatSystem-config-printer0.6.85*******
    2.3ApplicationRedhatSystem-config-printer0.6.86*******
    2.3ApplicationRedhatSystem-config-printer0.6.87*******
    2.3ApplicationRedhatSystem-config-printer0.6.88*******
    2.3ApplicationRedhatSystem-config-printer0.6.89*******
    2.3ApplicationRedhatSystem-config-printer0.6.90*******
    2.3ApplicationRedhatSystem-config-printer0.6.91*******
    2.3ApplicationRedhatSystem-config-printer0.6.92*******
    2.3ApplicationRedhatSystem-config-printer0.6.93*******
    2.3ApplicationRedhatSystem-config-printer0.6.94*******
    2.3ApplicationRedhatSystem-config-printer0.6.95*******
    2.3ApplicationRedhatSystem-config-printer0.6.96*******
    2.3ApplicationRedhatSystem-config-printer0.6.97*******
    2.3ApplicationRedhatSystem-config-printer0.6.98*******
    2.3ApplicationRedhatSystem-config-printer0.6.99*******
    2.3ApplicationRedhatSystem-config-printer0.6.100*******
    2.3ApplicationRedhatSystem-config-printer0.6.101*******
    2.3ApplicationRedhatSystem-config-printer0.6.102*******
    2.3ApplicationRedhatSystem-config-printer0.6.103*******
    2.3ApplicationRedhatSystem-config-printer0.6.104*******
    2.3ApplicationRedhatSystem-config-printer0.6.105*******
    2.3ApplicationRedhatSystem-config-printer0.6.106*******
    2.3ApplicationRedhatSystem-config-printer0.6.107*******
    2.3ApplicationRedhatSystem-config-printer0.6.108*******
    2.3ApplicationRedhatSystem-config-printer0.6.109*******
    2.3ApplicationRedhatSystem-config-printer0.6.110*******
    2.3ApplicationRedhatSystem-config-printer0.6.111*******
    2.3ApplicationRedhatSystem-config-printer0.6.112*******
    2.3ApplicationRedhatSystem-config-printer0.6.113*******
    2.3ApplicationRedhatSystem-config-printer0.6.114*******
    2.3ApplicationRedhatSystem-config-printer0.6.115*******
    2.3ApplicationRedhatSystem-config-printer0.6.116*******

Vulnerable Software List

Vendor Product Versions
Redhat System-config-printer 0.6.0, 0.6.1, 0.6.10, 0.6.100, 0.6.101, 0.6.102, 0.6.103, 0.6.104, 0.6.105, 0.6.106, 0.6.107, 0.6.108, 0.6.109, 0.6.11, 0.6.110, 0.6.111, 0.6.112, 0.6.113, 0.6.114, 0.6.115, 0.6.116, 0.6.12, 0.6.13, 0.6.14, 0.6.15, 0.6.16, 0.6.17, 0.6.18, 0.6.19, 0.6.2, 0.6.20, 0.6.21, 0.6.22, 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6.28, 0.6.29, 0.6.3, 0.6.30, 0.6.31, 0.6.32, 0.6.33, 0.6.34, 0.6.35, 0.6.36, 0.6.37, 0.6.38, 0.6.39, 0.6.4, 0.6.40, 0.6.41, 0.6.42, 0.6.43, 0.6.44, 0.6.45, 0.6.46, 0.6.47, 0.6.48, 0.6.49, 0.6.5, 0.6.50, 0.6.51, 0.6.52, 0.6.53, 0.6.54, 0.6.55, 0.6.56, 0.6.57, 0.6.58, 0.6.59, 0.6.6, 0.6.60, 0.6.61, 0.6.62, 0.6.63, 0.6.64, 0.6.65, 0.6.66, 0.6.67, 0.6.68, 0.6.69, 0.6.7, 0.6.70, 0.6.71, 0.6.72, 0.6.73, 0.6.74, 0.6.75, 0.6.76, 0.6.77, 0.6.78, 0.6.79, 0.6.8, 0.6.80, 0.6.81, 0.6.82, 0.6.83, 0.6.84, 0.6.85, 0.6.86, 0.6.87, 0.6.88, 0.6.89, 0.6.9, 0.6.90, 0.6.91, 0.6.92, 0.6.93, 0.6.94, 0.6.95, 0.6.96, 0.6.97, 0.6.98, 0.6.99, 0.7.32.10, 0.7.32.6, 0.7.32.7, 0.7.32.8, 0.7.32.9, 0.7.60, 0.7.61, 0.7.62, 0.7.63, 0.7.63.1, 0.7.63.2, 0.7.63.3, 0.7.63.4, 0.7.64, 0.7.65, 0.7.66, 0.7.67, 0.7.68, 0.7.69, 0.7.70, 0.7.71, 0.7.72, 0.7.73, 0.7.74, 0.7.74.1, 0.7.74.10, 0.7.74.11, 0.7.74.12, 0.7.74.13, 0.7.74.2, 0.7.74.3, 0.7.74.4, 0.7.74.5, 0.7.74.6, 0.7.74.7, 0.7.74.8, 0.7.74.9, 0.7.75, 0.7.76, 0.7.77, 0.7.78, 0.7.79, 0.7.80, 0.7.81, 0.7.82, 0.7.82.1, 0.7.82.2, 0.7.82.3, 0.7.82.4, 0.7.82.5

References

Name | Source | URL | Tags
http://cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3&view=patch | MISC | http://cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3&vi | Patch
45744 | SECUNIA | http://secunia.com/advisories/45744 | Vendor Advisory
RHSA-2011:1196 | REDHAT | http://www.redhat.com/support/errata/RHSA-2011-1196.html | Vendor Advisory
1025967 | SECTRACK | http://www.securitytracker.com/id?1025967
https://bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119 | MISC | https://bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119 | Patch
https://bugzilla.redhat.com/show_bug.cgi?id=728348 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=728348 | Patch