CVE-2013-7069

ack 2.00-2.11_02 - Remote Code Execution via .ackrc File Options

Title source: llm
STIX 2.1

Description

ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55982
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64196
Issue Tracking x_refsource_confirm
https://github.com/petdance/ack2/issues/399
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/484

Scores

EPSS 0.0310
EPSS Percentile 86.1%

Details

CWE
CWE-94
Status published
Products (10)
beyondgrep/ack 2.00
beyondgrep/ack 2.02
beyondgrep/ack 2.04
beyondgrep/ack 2.05_01
beyondgrep/ack 2.06
beyondgrep/ack 2.08
beyondgrep/ack 2.10
beyondgrep/ack 2.11
beyondgrep/ack 2.11_01
beyondgrep/ack 2.11_02
Published Dec 14, 2013
Tracked Since Feb 18, 2026