Vulnerability Description
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Unp | <= 1.0.12 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448437
- http://bugs.gentoo.org/show_bug.cgi?id=203106
- http://osvdb.org/42759
- http://secunia.com/advisories/28282Vendor Advisory
- http://secunia.com/advisories/28388Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200801-01.xml
- http://www.securityfocus.com/bid/27182
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448437
- http://bugs.gentoo.org/show_bug.cgi?id=203106
- http://osvdb.org/42759
- http://secunia.com/advisories/28282Vendor Advisory
- http://secunia.com/advisories/28388Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200801-01.xml
- http://www.securityfocus.com/bid/27182
FAQ
What is CVE-2007-6610?
CVE-2007-6610 is a vulnerability with a CVSS score of 10.0 (HIGH). unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename ar...
How severe is CVE-2007-6610?
CVE-2007-6610 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6610?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Unp.