Vulnerability Description
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Supmua | Sup | <= 0.13.2 |
Related Weaknesses (CWE)
References
- http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html
- http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
- http://secunia.com/advisories/55294Vendor Advisory
- http://secunia.com/advisories/55400Vendor Advisory
- http://www.debian.org/security/2012/dsa-2805
- http://www.openwall.com/lists/oss-security/2013/10/30/2
- https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c5ExploitPatch
- http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html
- http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
- http://secunia.com/advisories/55294Vendor Advisory
- http://secunia.com/advisories/55400Vendor Advisory
- http://www.debian.org/security/2012/dsa-2805
- http://www.openwall.com/lists/oss-security/2013/10/30/2
- https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c5ExploitPatch
FAQ
What is CVE-2013-4478?
CVE-2013-4478 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
How severe is CVE-2013-4478?
CVE-2013-4478 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4478?
Check the references section above for vendor advisories and patch information. Affected products include: Supmua Sup.