CVE-2009-3233
Published: 2009-09-17
Priority P3 · 35 · high · 7.2 CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.95% (56.9th percentile)
changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cameron_morland | changetrack | — | — |
| cameron_morland | changetrack | >= 0 < 4.5-2 | 4.5-2 |
| cameron_morland | changetrack | >= 0 < 4.5-2 | 4.5-2 |
| cameron_morland | changetrack | >= 0 < 4.5-2 | 4.5-2 |
| cameron_morland | changetrack | >= 0 < 4.5-2 | 4.5-2 |
| debian | changetrack | < changetrack 4.5-2 (bookworm) | changetrack 4.5-2 (bookworm) |
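CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.2 | HIGH | — |
| vendor_debian | — | 7.2 | MEDIUM | — |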
GHSA
GHSA-62jg-wqh5-h6g8: changetrack 4
ghsa_unreviewed·2022-05-02
CVE-2009-3233 [HIGH] CWE-78 GHSA-62jg-wqh5-h6g8: changetrack 4
OSV
CVE-2009-3233: changetrack 4
osv·2009-09-17·CVSS 7.2
CVE-2009-3233 [HIGH] CVE-2009-3233: changetrack 4
Debian
CVE-2009-3233: changetrack - changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequen...
vendor_debian·2009·CVSS 7.2
CVE-2009-3233 [HIGH] CVE-2009-3233: changetrack - changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequen...
Scope: local
bookworm: resolved (fixed in 4.5-2)
bullseye: resolved (fixed in 4.5-2)
forky: resolved (fixed in 4.5-2)
sid: resolved (fixed in 4.5-2)
trixie: resolved (fixed in 4.5-2)
No detection rules found.
No writeups or analysis indexed.
http://bugs.debian.org/546791
http://secunia.com/advisories/36756
http://www.openwall.com/lists/oss-security/2009/09/16/3
http://www.securityfocus.com/bid/36420
Published: 2009-09-17