Debian reportbug Software Package Remote Command Execution Vulnerability (CVE-2014-0479)
Release date:
Updated on:
Affected Systems:
Debian reportbug
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69055
CVE (CAN) ID: CVE-2014-0479
Reportbug is a tool for reporting bugs in Debian.
Reportbug has the remote command execution vulnerability. Man-in-the-middle attackers can place shell metacharacters in the version number, causing arbitrary code execution with the current user permission.
<* Source: Jakub Wilk
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Debian
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://wiki.debian.org/reportbug
This article permanently updates the link address: