Launchpad.net

CVE 2008-5718

The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.

Related bugs and status

CVE-2008-5718 (Candidate) is related to these bugs:

Bug #318665: Please merge netatalk_2.0.4~beta2-4.1(universe) from debian unstable

Summary				In	Importance	Status
	318665	Please merge netatalk_2.0.4~beta2-4.1(universe) from debian unstable		netatalk (Ubuntu)	Undecided	Fix Released

Bug #318670: CVE 2008-5718 in netatalk

		In	Importance	Status
318670	CVE 2008-5718 in netatalk	netatalk (Ubuntu)	Undecided	Fix Released
318670	CVE 2008-5718 in netatalk	netatalk (Ubuntu Dapper)	Undecided	Won't Fix
318670	CVE 2008-5718 in netatalk	netatalk (Ubuntu Gutsy)	Undecided	Won't Fix
318670	CVE 2008-5718 in netatalk	netatalk (Ubuntu Hardy)	Undecided	Won't Fix
318670	CVE 2008-5718 in netatalk	netatalk (Ubuntu Intrepid)	Undecided	Invalid
318670	CVE 2008-5718 in netatalk	netatalk (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://sourceforge.net...
OSVDB: 50824
SECUNIA: 33227
MLIST: [oss-security] 2009011...
DEBIAN: DSA-1705
SECUNIA: 33548
BID: 32925
SUSE: SUSE-SR:2009:004
FEDORA: FEDORA-2009-3064
FEDORA: FEDORA-2009-3069
SECUNIA: 34484