CVE-2011-2899

Name of the Vulnerable Software and Affected Versions system-config-printer versions 0.6.x through 0.7.x system-config-printer-libs versions 0.7.32.10 system-config-printer-gui versions 0.6.116.10

Description The issue allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely.

Recommendations For system-config-printer versions 0.6.x through 0.7.x, consider disabling the pysmb.py function until a patch is available. For system-config-printer-libs versions 0.7.32.10, restrict access to the vulnerable module to minimize the risk of exploitation. For system-config-printer-gui versions 0.6.116.10, avoid using the NetBIOS or workgroup name in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.