CVE-2007-4749 - OpenCVE

The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Autodesk	Backburner

Configuration 1 [-]

cpe:2.3:a:autodesk:backburner:3.0.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/26797
http://securityreason.com/securityalert/3132
http://securitytracker.com/id?1018686
http://www.securityfocus.com/archive/1/479193/100/0/threaded
http://www.securityfocus.com/bid/25590
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-008.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/36582

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-14T00:00:00

Updated: 2024-08-07T15:08:33.860Z

Reserved: 2007-09-07T00:00:00

Link: CVE-2007-4749

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-09-14T00:17:00.000

Modified: 2018-10-15T21:37:07.313

Link: CVE-2007-4749

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1018686", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018686"}, {"name": "20070911 SYMSA-2007-008: Autodesk Backburner 3.0.2 System Backdoor", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/479193/100/0/threaded"}, {"name": "3132", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3132"}, {"name": "26797", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26797"}, {"name": "autodesk-backburner-command-execution(36582)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36582"}, {"name": "25590", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25590"}, {"tags": ["x_refsource_MISC"], "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-008.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4749", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1018686", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018686"}, {"name": "20070911 SYMSA-2007-008: Autodesk Backburner 3.0.2 System Backdoor", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/479193/100/0/threaded"}, {"name": "3132", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3132"}, {"name": "26797", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26797"}, {"name": "autodesk-backburner-command-execution(36582)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36582"}, {"name": "25590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25590"}, {"name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-008.txt", "refsource": "MISC", "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-008.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:08:33.860Z"}, "title": "CVE Program Container", "references": [{"name": "1018686", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018686"}, {"name": "20070911 SYMSA-2007-008: Autodesk Backburner 3.0.2 System Backdoor", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/479193/100/0/threaded"}, {"name": "3132", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3132"}, {"name": "26797", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26797"}, {"name": "autodesk-backburner-command-execution(36582)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36582"}, {"name": "25590", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25590"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-008.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4749", "datePublished": "2007-09-14T00:00:00", "dateReserved": "2007-09-07T00:00:00", "dateUpdated": "2024-08-07T15:08:33.860Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:backburner:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CAD94D6-3CDF-41A5-B9B0-DEF67C33D22B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks."}, {"lang": "es", "value": "La utilidad cmdjob de Autodesk Backburner 3.0.2 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n en servidores de interpretaci\u00f3n (render) al encolar trabajos que contienen estos comandos.\r\nNOTA: Esto es solo una vulnerabilidad en entornos en los cuales el administrador no ha seguido la documentaci\u00f3n que subraya los riesgos de seguridad de utilizar Backburner en redes no confiables."}], "id": "CVE-2007-4749", "lastModified": "2018-10-15T21:37:07.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-14T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26797"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3132"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018686"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/479193/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25590"}, {"source": "cve@mitre.org", "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-008.txt"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36582"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}