Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-2244

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243.

Related bugs and status

CVE-2012-2244 (Candidate) is related to these bugs:

Bug #1057238: Arbitrary Code Execution via pathtoclam config setting

		In	Importance	Status
1057238	Arbitrary Code Execution via pathtoclam config setting	Mahara	Critical	Fix Released
1057238	Arbitrary Code Execution via pathtoclam config setting	Mahara 1.5	Critical	Fix Released
1057238	Arbitrary Code Execution via pathtoclam config setting	Mahara 1.4	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
CONFIRM: https://mahara.org/int...
DEBIAN: DSA-2591