Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-5875

eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an "SMTP level e-mail address".

Related bugs and status

CVE-2006-5875 (Candidate) is related to these bugs:

Bug #76321: improper shell quoting

		In	Importance	Status
76321	improper shell quoting	enemies-of-carlotta (Ubuntu)	Undecided	Fix Released
76321	improper shell quoting	enemies-of-carlotta (Ubuntu Breezy)	Undecided	Invalid
76321	improper shell quoting	enemies-of-carlotta (Ubuntu Dapper)	Undecided	Fix Released
76321	improper shell quoting	enemies-of-carlotta (Ubuntu Edgy)	Undecided	Fix Released
76321	improper shell quoting	enemies-of-carlotta (Ubuntu Feisty)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

DEBIAN: DSA-1236
MLIST: [eoc] 20061213 EoC 1.2...
BID: 21572
SECUNIA: 23377
SECUNIA: 23382
OSVDB: 30849
VUPEN: ADV-2006-5000
XF: eoc-email-shell-comman...