CVE-2008-5705 - OpenCVE

The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Verlihub-project	Verlihub

Configuration 1 [-]

cpe:2.3:a:verlihub-project:verlihub:0.9.8d:rc2:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.debian.org/506530
http://openwall.com/lists/oss-security/2008/12/17/16
http://securityreason.com/securityalert/4800
http://www.securityfocus.com/bid/32420
https://exchange.xforce.ibmcloud.com/vulnerabilities/46801
https://www.exploit-db.com/exploits/7183

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-22T15:00:00

Updated: 2024-08-07T11:04:43.752Z

Reserved: 2008-12-22T00:00:00

Link: CVE-2008-5705

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-12-22T15:30:00.780

Modified: 2017-09-29T01:32:45.040

Link: CVE-2008-5705

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-21T00:00:00", "descriptions": [{"lang": "en", "value": "The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32420", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32420"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/506530"}, {"name": "7183", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7183"}, {"name": "[oss-security] 20081216 CVE id request: verlihub", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2008/12/17/16"}, {"name": "verlihub-trigger-command-execution(46801)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46801"}, {"name": "4800", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4800"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5705", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32420", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32420"}, {"name": "http://bugs.debian.org/506530", "refsource": "MISC", "url": "http://bugs.debian.org/506530"}, {"name": "7183", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7183"}, {"name": "[oss-security] 20081216 CVE id request: verlihub", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2008/12/17/16"}, {"name": "verlihub-trigger-command-execution(46801)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46801"}, {"name": "4800", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4800"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:43.752Z"}, "title": "CVE Program Container", "references": [{"name": "32420", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32420"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/506530"}, {"name": "7183", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7183"}, {"name": "[oss-security] 20081216 CVE id request: verlihub", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2008/12/17/16"}, {"name": "verlihub-trigger-command-execution(46801)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46801"}, {"name": "4800", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4800"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5705", "datePublished": "2008-12-22T15:00:00", "dateReserved": "2008-12-22T00:00:00", "dateUpdated": "2024-08-07T11:04:43.752Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:verlihub-project:verlihub:0.9.8d:rc2:*:*:*:*:*:*", "matchCriteriaId": "1E2C134F-9B54-4964-A2C4-30C99B0A0A23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument."}, {"lang": "es", "value": "La funci\u00f3n cTrigger::DoIt de src/ctrigger.cpp en el mecanismo de lanzamiento (trigger) en el demonio de Verlihub 0.9.8d-RC2 y anteriores, cuando est\u00e1n habilitados los lanzamientos de usuario (user triggers), permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaracteres de l\u00ednea de comandos en un argumento."}], "id": "CVE-2008-5705", "lastModified": "2017-09-29T01:32:45.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-22T15:30:00.780", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/506530"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2008/12/17/16"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4800"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32420"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46801"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7183"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}