CVE-2011-2899

system-config-printer 0.6.x-0.7.x - Remote Code Execution via SMB NetBIOS or Workgroup Name

Title source: llm
STIX 2.1

Description

pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45744
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1196.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025967

Scores

EPSS 0.0197
EPSS Percentile 78.0%

Details

CWE
CWE-20
Status published
Products (50)
redhat/system-config-printer 0.7.32.6
redhat/system-config-printer 0.7.32.7
redhat/system-config-printer 0.7.32.8
redhat/system-config-printer 0.7.32.9
redhat/system-config-printer 0.7.32.10
redhat/system-config-printer 0.7.60
redhat/system-config-printer 0.7.61
redhat/system-config-printer 0.7.62
redhat/system-config-printer 0.7.63
redhat/system-config-printer 0.7.63.1
... and 40 more
Published Aug 31, 2011
Tracked Since Feb 18, 2026