CVE-2009-1669
Priority
Medium
Description
The smarty_function_math function in libs/plugins/function.math.php in
Smarty 2.6.22 allows context-dependent attackers to execute arbitrary
commands via shell metacharacters in the equation attribute of the math
function. NOTE: some of these details are obtained from third party
information.
Smarty 2.6.22 allows context-dependent attackers to execute arbitrary
commands via shell metacharacters in the equation attribute of the math
function. NOTE: some of these details are obtained from third party
information.
References
Notes
mdeslaur> may be a PoC here: http://www.milw0rm.com/exploits/8659
mdeslaur> Debian says: TODO: check. It should be windows specific.
mdeslaur> Debian says: TODO: check. It should be windows specific.
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (uses system smarty) |
| Ubuntu 11.04 (Natty Narwhal): | not-affected (uses system smarty) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (uses system smarty) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (uses system smarty) |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | released (1.8.2-1ubuntu4.2) |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (uses system smarty) |
| Ubuntu 11.04 (Natty Narwhal): | not-affected (uses system smarty) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (uses system smarty) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (uses system smarty) |
Package
| Upstream: | needed |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.22-1ubuntu2) |
| Ubuntu 11.04 (Natty Narwhal): | released (2.6.22-1ubuntu2) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (2.6.22-1ubuntu2) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (2.6.22-1ubuntu2) |