Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Debian
  • Debian Linux
Newsbeuter
  • Newsbeuter

Configuration 1 [-]

OR cpe:2.3:a:newsbeuter:newsbeuter:0.7:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:0.8:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:0.9:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:1.0:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:1.1:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:1.2:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:1.3:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:2.0:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:2.1:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:2.2:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:2.3:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:2.4:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:2.5:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:2.6:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:2.7:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:2.8:*:*:*:*:*:*:*
cpe:2.3:a:newsbeuter:newsbeuter:2.9:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References
Link Resource
http://www.debian.org/security/2017/dsa-3947 Third Party Advisory
https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307 Patch Third Party Advisory
https://github.com/akrennmair/newsbeuter/issues/591 Issue Tracking Third Party Advisory
https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
https://usn.ubuntu.com/4585-1/
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-23T14:00:00

Updated: 2020-10-21T19:06:17

Reserved: 2017-08-17T00:00:00

Link: CVE-2017-12904

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2017-08-23T14:29:00.393

Modified: 2023-11-07T02:38:32.033

Link: CVE-2017-12904

JSON object: View

cve-icon Redhat Information

No data.

CWE