PT-2003-2483 · Suse · Office Server+3
Published
2003-12-31
·
Updated
2008-09-05
·
CVE-2003-1538
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SuSE Linux versions 8.1
Enterprise Server version 8
Office Server (affected versions not specified)
Openexchange Server version 4
Description
The issue is related to the susehelp component, which does not properly filter shell metacharacters. This allows remote attackers to execute arbitrary commands via CGI queries.
Recommendations
For SuSE Linux version 8.1, update the susehelp component to properly filter shell metacharacters.
For Enterprise Server version 8, update the susehelp component to properly filter shell metacharacters.
For Office Server, at the moment, there is no information about a newer version that contains a fix for this issue.
For Openexchange Server version 4, update the susehelp component to properly filter shell metacharacters.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Enterprise Server
Office Server
Open-Xchange Server
Suse Linux