{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-09-10T10:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4984", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities", "refsource": "MISC", "url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"}, {"name": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx", "refsource": "CONFIRM", "url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:59:41.248Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4984", "datePublished": "2013-09-10T10:00:00.000Z", "dateReserved": "2013-07-29T00:00:00.000Z", "dateUpdated": "2024-09-16T19:04:18.463Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sophos:web_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9CB925A-27AD-4E9C-ABCE-9052460B8670", "versionEndIncluding": "3.7.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E72AFE09-C005-4C58-89E4-95EC329E1456", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BBD8C41B-38D1-4443-BB4A-0BDBF1419B91", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F11B1311-687B-4CFD-A1DF-74F42C11CB03", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "38EF1D57-81D6-4E1A-8597-2D505EEB113E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "936C0962-08DB-4C2F-8656-4948E2E9DAF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84AE2D52-1C27-46BE-87CC-C32E74CBCE12", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "D1160E50-C123-4091-9215-8793999FE1F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "18F26B00-B087-445F-9453-AA6F4EEBD9C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "67548C4C-C928-4E8A-BD7A-FDAFBBBA20E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ADEA7FD-8CBB-4979-891A-78E2AEB32149", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "16FD5529-F951-465D-9B5C-3AA7EA038F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E4993820-1ED0-41A3-9A88-AB3AB0CB46AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F9B92DA3-55E3-4A60-AFA9-1CB9A3696892", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9BA52349-778B-47EF-BEE7-831EA810C5C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "941BB190-EFA2-4476-BC6D-173272E92BBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D7B7E5D5-92D2-4F0B-91A0-CD9B20A4A1A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1884CAE7-F593-40A1-8ABA-F41A341231DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "38A6DDDE-470F-4F8D-AF46-333E1A5C52E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C425B54A-406A-4D0C-88E1-AEFA1772DD4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6DE9E620-5FFA-4756-BE2E-EBA71D2483D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "CC4DC81C-657A-4F2C-979D-7BFCAF8DC9DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "41D0F267-E6CA-4064-912E-F5284DEA5B78", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6728269D-1529-4048-9980-5B58FD3F47D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5282B986-2470-4B37-8051-0F0BB38F757D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3E14CA5-9CAB-4859-8ED9-2654BB755A17", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3BD9DC4D-1A56-478D-A82E-1136A053338D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "52F88C47-E8B0-4A43-9729-BA9B8D02D20D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0A46534C-2EF3-4167-9577-B4F439D28270", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC925B44-DEB3-4509-8872-92302BAE87D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9D00352-D5D7-4762-8941-33283A0BF54C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "91CA8948-2D0E-4DF7-B144-6D22E6C4733E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "12EE64AD-287A-4E7C-9E4D-125328EA17A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C01801C1-0851-4871-B46C-59E29930C46A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "936E37EF-D6F3-4E10-B55E-D098F564CA8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "324DDE13-04D8-4FEB-A30E-7B97C88E65F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F778DA33-8C98-4E05-9462-A311677F28F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "09C6014D-06AD-4B24-AD1C-B4DF85F7116C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91C780C2-77B2-4B22-8E70-33BC5A265D3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1C322B75-E0FF-43F6-B98A-4932C3963DBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "9DA0FCD5-BE10-4C06-99C9-383DD8320A40", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "6A2741E9-9BEA-453F-A3C4-73185E8CE8F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "C414A114-7A2A-46EC-AA2D-313E5807F4C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFCF1E94-D363-4D76-ABA7-14961FD7C284", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDB6C-87B0-46DD-BB6F-FE2CF182C15F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BFB4121-D4DE-4408-98A3-75F0130B77D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "028DC0E3-D477-441A-8BBF-0D845EC121B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6781185-BE24-43ED-9D30-D20E8BCC3065", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C75BA518-EDA7-472E-8076-4839E8F87E4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "C09E0682-3627-4895-B9A2-058548C3E0F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "B0CD24FB-761D-4DC9-B56F-AD0F41475FAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "35D35162-2FEF-45CB-99AF-B0606BEA72EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD27E74E-7698-4277-BFE8-E065914A5034", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5073E62-8F6B-49BD-9E8E-C4B47DD02A9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E80BE71D-8AA6-4304-A87B-1905D8468556", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2E0BD9F-0745-4F26-B198-28C83946BA0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0A40A529-E944-4FDB-A88C-9AEFBA067010", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.6.2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB5CF2F8-D3FB-4B2C-A031-B6B56A89A044", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.6.2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC137078-0619-4167-8037-64CE1A2F4286", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "D76F093E-1666-4DB3-8933-BE75CDB4E1A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9FEB8B8-6EB3-4814-B213-983B3B8F577E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B3BCA7A-BF09-46FA-8922-6BAA5F1F76AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6951182E-D6AD-416B-9C57-11C08045978B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7DC68B7-4939-439F-9DFC-B47EF0993156", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "88EBB0D5-F4DA-407E-B1BA-4DE53DA2043D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "8BDF11D9-ADEF-4C4C-B09F-425C28FC5363", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "81A8F610-7B4F-4802-8BEB-BEE5AC45D4CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "AFC38B5D-4FF5-4428-87D5-F7DA82EFFCC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "C1AF9BE6-C8E1-44C5-8176-FB64DFCEB3DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "2DBC7DE7-B772-45DE-934C-A131114544BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "91162663-4E48-4BF7-B6BF-1DBB67878D95", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "DA35A488-2057-42B1-9570-6D122C1BBC1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.7.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "23444EF3-308E-42A0-9578-EB2E0D2E5D38", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "773225D2-B6F6-4983-8BBE-169E6D5984C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E599CAD-00A6-46A3-8CF9-30562D42651B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:web_appliance:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "0BB74E3E-1378-4FD0-B4B4-DA56EB0C12EC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument."}, {"lang": "es", "value": "La funci\u00f3n close_connections en /opt/cma/bin/clear_keys.pl en Sophos Web Appliance anterior a v3.7.9.1 y v3.8 anterior a v3.8.1.1 permite a usuarios locales conseguir privilegios a trav\u00e9s de metacaracteres de consola en el segundo argumento."}], "id": "CVE-2013-4984", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-10T11:28:41.073", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Vendor Advisory"], "url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Vendor Advisory"], "url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}