CVE-2009-1669
Published: 18 May 2009
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.
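The description above is the classic template-engine pitfall: an attribute string from the template is handed straight to an evaluator, so anything the evaluator's language can express becomes executable. The following example is added here to illustrate the pattern and its fix; it is not Smarty's code (Smarty is PHP) but a Python sketch of the same idea. The names `unsafe_math`, `safe_math` and the sample equations are constructed for illustration.

```python
import ast
import operator

# Allowlist of arithmetic operators the hardened evaluator will honour.
# Pow is deliberately left out: "9**9**9" would otherwise be a cheap DoS.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def unsafe_math(equation: str, variables: dict) -> float:
    """Vulnerable pattern (constructed): the attribute reaches eval() unchanged.

    Stripping builtins narrows the damage but does not make this safe;
    the only robust fix is to stop interpreting the string as code.
    """
    return eval(equation, {"__builtins__": {}}, dict(variables))


def safe_math(equation: str, variables: dict) -> float:
    """Hardened pattern: parse to an AST and walk a strict allowlist of nodes.

    Anything outside numbers, named variables and basic arithmetic
    (calls, attribute access, statements, shell-style metacharacters)
    is rejected with ValueError instead of being executed.
    """
    try:
        tree = ast.parse(equation, mode="eval")
    except SyntaxError as exc:
        # Semicolons, backticks, pipes and similar never parse as one expression.
        raise ValueError(f"not an arithmetic expression: {equation!r}") from exc

    def ev(node):
        if isinstance(node, ast.Expression):
            return ev(node.body)
        if (isinstance(node, ast.Constant)
                and isinstance(node.value, (int, float))
                and not isinstance(node.value, bool)):
            return node.value
        if isinstance(node, ast.Name):
            if node.id not in variables:
                raise ValueError(f"unknown variable {node.id!r}")
            # Variable values are coerced to numbers, never evaluated.
            return float(variables[node.id])
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            return _BIN_OPS[type(node.op)](ev(node.left), ev(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](ev(node.operand))
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return ev(tree)


if __name__ == "__main__":
    ctx = {"x": 3, "y": 5}
    print(safe_math("x * 2 + 1", ctx))          # 7.0
    # Constructed inputs a template author should never be able to run:
    for bad in ["x + 1; id", "abs(x)", "x.__class__", "`id`", "x | y"]:
        try:
            safe_math(bad, ctx)
        except ValueError as err:
            print("rejected:", err)
```

The useful property of the hardened version is that it never calls `eval()` at all: the allowlist is on the parsed syntax tree, so new bypass tricks in the string form cannot reach an interpreter. The same approach applies in PHP, where the equivalent fix is to stop passing the equation attribute to `eval()` and to accept only a tokenised arithmetic grammar.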
Notes
| Author | Note |
|---|---|
| mdeslaur | may be a PoC here: http://www.milw0rm.com/exploits/8659 Debian says: TODO: check. It should be windows specific. |
Priority
Status
| Package | Release | Status |
|---|---|---|
| gallery2 | dapper | Ignored (end of life) |
| gallery2 | hardy | Ignored (end of life) |
| gallery2 | intrepid | Not vulnerable (uses system smarty) |
| gallery2 | jaunty | Not vulnerable (uses system smarty) |
| gallery2 | karmic | Not vulnerable (uses system smarty) |
| gallery2 | lucid | Not vulnerable (uses system smarty) |
| gallery2 | maverick | Not vulnerable (uses system smarty) |
| gallery2 | natty | Not vulnerable (uses system smarty) |
| gallery2 | oneiric | Not vulnerable (uses system smarty) |
| gallery2 | upstream | Needs triage |
| moodle | dapper | Ignored (end of life) |
| moodle | hardy | Released (1.8.2-1ubuntu4.2) |
| moodle | intrepid | Released (1.8.2-1.2ubuntu2.1) |
| moodle | jaunty | Not vulnerable (uses system smarty) |
| moodle | karmic | Not vulnerable (uses system smarty) |
| moodle | lucid | Not vulnerable (uses system smarty) |
| moodle | maverick | Not vulnerable (uses system smarty) |
| moodle | natty | Not vulnerable (uses system smarty) |
| moodle | oneiric | Not vulnerable (uses system smarty) |
| moodle | upstream | Needs triage |
| smarty | dapper | Ignored (end of life) |
| smarty | hardy | Ignored (end of life) |
| smarty | intrepid | Ignored (end of life, was needed) |
| smarty | jaunty | Released (2.6.22-1ubuntu1.1) |
| smarty | karmic | Released (2.6.22-1ubuntu2) |
| smarty | lucid | Released (2.6.22-1ubuntu2) |
| smarty | maverick | Released (2.6.22-1ubuntu2) |
| smarty | natty | Released (2.6.22-1ubuntu2) |
| smarty | oneiric | Released (2.6.22-1ubuntu2) |
| smarty | upstream | Needed |