[Bug 195696] [NEW] [diatheke] [CVE-2008-0932] insufficient input sanitising

hk47 Tue, 26 Feb 2008 00:10:20 -0800

*** This bug is a security vulnerability ***

Public security bug reported:


Binary package hint: diatheke

References:
DSA-1508-1 (http://www.debian.org/security/2008/dsa-1508)

Quoting:
"Dan Dennison discovered that Diatheke, a CGI program to make a bible
website, performs insufficient sanitising of a parameter, allowing a
remote attacker to execute arbitrary shell commands as the web server
user."

** Affects: sword (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: sword (Debian)
     Importance: Unknown
         Status: Unknown

** Visibility changed to: Public

** Bug watch added: Debian Bug tracker #466449
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449

** Also affects: sword (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449
   Importance: Unknown
       Status: Unknown

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0932

-- 
[diatheke] [CVE-2008-0932] insufficient input sanitising
https://bugs.launchpad.net/bugs/195696
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 195696] [NEW] [diatheke] [CVE-2008-0932] insufficient input sanitising

Reply via email to