Arbitrary Command Execution Vulnerability in Debian Mime-support Package
CVE-2014-7209
Currently unrated
Summary
The run-mailcap utility in the Debian mime-support package prior to version 3.52-1+deb7u1 is vulnerable to command injection. Context-dependent attackers who control an input filename can execute arbitrary commands by including shell metacharacters in that filename. Users of affected versions are advised to apply the latest updates to mitigate this risk.
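For scripts that hand untrusted filenames to run-mailcap on hosts that have not yet been updated, the wrapper below is an added example (not code from this advisory or from Debian): any name outside a conservative allowlist reaches the viewer only through a safely named symlink. The VIEWER variable, the function names and the allowlist itself are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Debian's patch): guard for callers of run-mailcap.
LC_ALL=C; export LC_ALL            # keep the A-Z/a-z ranges ASCII-only
# VIEWER is an assumption: the program that finally receives the path.
VIEWER="${VIEWER:-run-mailcap}"

# Return 0 (true) when the name falls outside a conservative allowlist.
name_is_unsafe() {
    case "$1" in
        ''|-*) return 0 ;;                      # empty, or parsed as an option
        *[!A-Za-z0-9._/@%+=:,-]*) return 0 ;;   # spaces, quotes, separators...
        *) return 1 ;;
    esac
}

# Print a path that is safe to pass on. Unsafe names get a symlink alias in a
# private temp dir; the extension is kept only when it is itself clean.
safe_alias() {
    src=$1
    if ! name_is_unsafe "$src"; then printf '%s\n' "$src"; return 0; fi
    [ -f "$src" ] || return 1
    case "$src" in /*) abs=$src ;; *) abs=$PWD/$src ;; esac
    base=${abs##*/}
    ext=${base##*.}
    if [ "$ext" = "$base" ] || name_is_unsafe "$ext"; then
        ext=""
    else
        ext=".$ext"
    fi
    dir=$(mktemp -d) || return 1
    # A TMPDIR with odd characters would defeat the purpose: refuse.
    if name_is_unsafe "$dir"; then rmdir "$dir"; return 1; fi
    ln -s "$abs" "$dir/file$ext" || return 1
    printf '%s\n' "$dir/file$ext"
}

# Run the viewer on the safe path and clean up any alias we created.
safe_view() {
    path=$(safe_alias "$1") || { echo "refusing: $1" >&2; return 1; }
    rc=0
    "$VIEWER" "$path" || rc=$?
    [ "$path" = "$1" ] || rm -rf -- "${path%/*}"
    return "$rc"
}
```

The wrapper reduces exposure for existing callers; updating the package remains the fix.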