CVE-2008-5718 — OS Command Injection in Netatalk

CWE-78 — OS Command Injection7 documents7 sources

Severity

9.3CRITICALNVD

EPSS

1.8%

top 17.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netatalk Debian Netatalk

Timeline

PublishedDec 26

Latest updateMay 17

Description

The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/netatalk< netatalk 2.0.4~beta2-1 (bullseye)

▶Debiannetatalk/netatalk< 2.0.4~beta2-1+2

▶NVDnetatalk/netatalk2.0.3+25

Patches

Patch: www.debian.org ↗Patch: www.securityfocus.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-53jp-4vhp-x2vh: The papd daemon in Netatalk before 2↗2022-05-17

▶

OSV

CVE-2008-5718: The papd daemon in Netatalk before 2↗2008-12-26

▶

CVEList

CVE-2008-5718: The papd daemon in Netatalk before 2↗2008-12-26

▶

📋Vendor Advisories

Debian

CVE-2008-5718: netatalk - The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in ...↗2008

▶

Red Hat

netatalk: papd command injection vulnerability↗

▶

💬Community

Bugzilla

CVE-2008-5718 netatalk: papd command injection vulnerability↗2009-01-19

▶