CVE-2006-6678

Name of the Vulnerable Software and Affected Versions: Netrik versions 1.15.4 and earlier

Description: The issue concerns the edit textarea function in form-file.c, which does not properly verify temporary filenames when editing textarea fields. This allows attackers to execute arbitrary commands via shell metacharacters in the filename. Multiple vulnerabilities in the Netrik package of the Debian GNU/Linux operating system can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information.

Recommendations: For Netrik versions 1.15.4 and earlier, as a temporary workaround, consider disabling the edit textarea function in form-file.c until a patch is available. Restrict access to the form-file.c module to minimize the risk of exploitation. Avoid using the edit textarea function when editing textarea fields until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.