CVE-2007-3010 Information

Description

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

Reference

http://marc.info/?l=full-disclosure&m=119002152126755&w=2 http://osvdb.org/40521 http://secunia.com/advisories/26853 http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php http://www.securityfocus.com/archive/1/479699/100/0/threaded http://www.securityfocus.com/bid/25694 http://www.vupen.com/english/advisories/2007/3185 http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/36632