CVE-2011-2899 Information

Feb 14, 2021 cve

Description

pysmb.py in system-config-printer 0.6.x and 0.7.x as used in foomatic-gui and possibly other products allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name which are not properly handled when searching for network printers.

Reference

http://cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3&view=patch http://secunia.com/advisories/45744 http://www.redhat.com/support/errata/RHSA-2011-1196.html http://www.securitytracker.com/id?1025967 https://bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119 https://bugzilla.redhat.com/show_bug.cgi?id=728348

Share on: