CVE-2011-2899
system-config-printer 0.6.x-0.7.x - Remote Code Execution via SMB NetBIOS or Workgroup Name
Title source: llmDescription
pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45744
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1196.html
Patch x_refsource_misc
http://cvs.savannah.gnu.org/viewvc/foomatic-gui/foomatic/pysmb.py?root=foomatic-gui&r1=1.2&r2=1.3&view=patch
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025967
Patch x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/foomatic-gui/+bug/811119
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=728348
Scores
EPSS
0.0197
EPSS Percentile
78.0%
Details
CWE
CWE-20
Status
published
Products (50)
redhat/system-config-printer
0.7.32.6
redhat/system-config-printer
0.7.32.7
redhat/system-config-printer
0.7.32.8
redhat/system-config-printer
0.7.32.9
redhat/system-config-printer
0.7.32.10
redhat/system-config-printer
0.7.60
redhat/system-config-printer
0.7.61
redhat/system-config-printer
0.7.62
redhat/system-config-printer
0.7.63
redhat/system-config-printer
0.7.63.1
... and 40 more
Published
Aug 31, 2011
Tracked Since
Feb 18, 2026