PT-2013-6255 · Ack+1 · Ack+1
Jimrandomh · Published 2013-12-05 · Updated 2024-06-15 · CVE-2013-7069
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ack versions 2.00 through 2.11 02
Description
The issue allows remote attackers to execute arbitrary code via certain options in a .ackrc file in a directory to be searched. Specifically, the options --pager, --regex, and --output are vulnerable.
Recommendations
For ack versions 2.00 through 2.11 02, consider removing or restricting the use of the --pager, --regex, and --output options in .ackrc files until a patch is available. Avoid using these options in directories that may be searched by untrusted users.
Fix
RCE
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Ack
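One way to act on the Recommendations section, as an added example that is not part of the original advisory or of the ack project: a Python scan of a directory tree for .ackrc files that set --pager, --regex or --output, to run before ack is used there. The one-option-per-line parsing with # comments, the function names and the sample file contents are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Options named in the advisory text.
RISKY = {"pager", "regex", "output"}
# Assumption: one option per line; the name ends at '=' or whitespace.
OPTION_RE = re.compile(r"^--?([A-Za-z][\w-]*)")

def scan_ackrc_text(text):
    """Return [(line_no, option, line)] for risky options in ackrc text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        m = OPTION_RE.match(stripped)
        if m and m.group(1) in RISKY:
            hits.append((no, m.group(1), stripped))
    return hits

def scan_tree(root, names=(".ackrc",)):
    """Walk root and map each ackrc path to its risky-option hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(set(files) & set(names)):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_ackrc_text(fh.read())
            if hits:
                findings[path] = hits
    return findings

# Constructed sample: a project-level .ackrc with benign values.
SAMPLE = "# project settings\n--ignore-dir=build\n--pager=less -R\n--output\n$1\n--sort-files\n"

def demo():
    """Build a throwaway tree with two .ackrc files and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in ((os.path.join("vendor", ".ackrc"), SAMPLE),
                          (".ackrc", "--sort-files\n")):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return {os.path.relpath(p, root): [(n, o) for n, o, _ in h]
                for p, h in scan_tree(root).items()}

if __name__ == "__main__":
    print(demo())
```

A non-empty result from `scan_tree` on a checkout or extracted archive means a project-level .ackrc there sets one of the three options and should be reviewed or removed before searching that directory with an affected ack version.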