Launchpad.net

CVE 2008-1467

** DISPUTED ** CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window." NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim.

Related bugs and status

CVE-2008-1467 (Candidate) is related to these bugs:

Bug #212088: [CVE-2008-1467] remote command execution via crafted URL

		In	Importance	Status
212088	[CVE-2008-1467] remote command execution via crafted URL	centerim (Ubuntu)	Undecided	Fix Released
212088	[CVE-2008-1467] remote command execution via crafted URL	centerim (Ubuntu Gutsy)	Undecided	Won't Fix
212088	[CVE-2008-1467] remote command execution via crafted URL	centerim (Ubuntu Hardy)	Undecided	Fix Released
212088	[CVE-2008-1467] remote command execution via crafted URL	centerim (Debian)	Unknown	Fix Released
212088	[CVE-2008-1467] remote command execution via crafted URL	centericq (Ubuntu)	Undecided	Invalid
212088	[CVE-2008-1467] remote command execution via crafted URL	centericq (Ubuntu Gutsy)	Undecided	Invalid
212088	[CVE-2008-1467] remote command execution via crafted URL	centericq (Ubuntu Hardy)	Undecided	Invalid
212088	[CVE-2008-1467] remote command execution via crafted URL	centericq (Ubuntu Dapper)	Undecided	Won't Fix
212088	[CVE-2008-1467] remote command execution via crafted URL	centerim (Ubuntu Dapper)	Undecided	Invalid
212088	[CVE-2008-1467] remote command execution via crafted URL	centericq (Ubuntu Edgy)	Undecided	Won't Fix
212088	[CVE-2008-1467] remote command execution via crafted URL	centerim (Ubuntu Edgy)	Undecided	Invalid
212088	[CVE-2008-1467] remote command execution via crafted URL	centericq (Ubuntu Feisty)	Undecided	Won't Fix
212088	[CVE-2008-1467] remote command execution via crafted URL	centerim (Ubuntu Feisty)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

BID: 28362
SECUNIA: 29489
FEDORA: FEDORA-2008-2867
FEDORA: FEDORA-2008-2869
SECUNIA: 29597
VUPEN: ADV-2008-0956
XF: centerim-chat-shell-co...
EXPLOIT-DB: 5283