Candidate: CVE-2012-4245
PublicDate: 2012-08-31 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4245
 http://www.reactionpenetrationtesting.co.uk/GIMP-scriptfu-python-command-execution.html
 http://www.openwall.com/lists/oss-security/2012/08/20/1
 http://www.openwall.com/lists/oss-security/2012/08/17/2
 http://www.openwall.com/lists/oss-security/2012/08/16/6
 http://archives.neohapsis.com/archives/bugtraq/2012-08/0106.html
Description:
 The scriptfu network server in GIMP 2.6 does not require authentication,
 which allows remote attackers to execute arbitrary commands via the
 python-fu-eval command.
Ubuntu-Description:
Notes:
 tyhicks> The scriptfu server is not widely used and security is not a part of
  the server's design
 mdeslaur> The script-fu network server should not be used in untrusted
 mdeslaur> environments. We are not going to fix this, marking as ignored.
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_gimp:
upstream_gimp: needs-triage
hardy_gimp: ignored (reached end-of-life)
lucid_gimp: ignored
natty_gimp: ignored (reached end-of-life)
oneiric_gimp: ignored
precise_gimp: ignored
quantal_gimp: not-affected (2.8.0-2ubuntu2)
devel_gimp: not-affected (2.8.0-2ubuntu2)