PublicDate: 2008-03-24 21:44:00 UTC
Candidate: CVE-2008-1467
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1467
Description:
 ** DISPUTED **  CenterIM 4.22.3 and earlier allows user-assisted remote
 attackers to execute arbitrary commands via shell metacharacters in a URI,
 related to "received URLs in the message window."  NOTE: this issue has
 been disputed due to the user-assisted nature, since the URL must be
 selected and launched by the victim.
Ubuntu-Description:
Notes:
 jdstrand> per Debian, the victim needs to list the URLs in the message with F2
   and press enter on it. the victim can see the complete URL including the
   commands however so the impact is really low
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_centerim:
upstream_centerim: needed
dapper_centerim: DNE
edgy_centerim: DNE
feisty_centerim: DNE
gutsy_centerim: needed (reached end-of-life)
hardy_centerim: released (4.22.2-1ubuntu2)
intrepid_centerim: released (4.22.2-1ubuntu2)
jaunty_centerim: released (4.22.2-1ubuntu2)
karmic_centerim: released (4.22.2-1ubuntu2)
devel_centerim: released (4.22.2-1ubuntu2)

Patches_centericq:
upstream_centericq: needed
dapper_centericq: ignored (reached end-of-life)
edgy_centericq: needed (reached end-of-life)
feisty_centericq: needed (reached end-of-life)
gutsy_centericq: DNE
hardy_centericq: DNE
intrepid_centericq: DNE
jaunty_centericq: DNE
karmic_centericq: DNE
devel_centericq: DNE