Published: 14/12/2013 Updated: 06/03/2014

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

ack 2.00 up to and including 2.11_02 allows remote malicious users to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.

Vulnerable Product	Search on Vulmon	Subscribe to Product
beyondgrep ack 2.05_01
beyondgrep ack 2.04
beyondgrep ack 2.10
beyondgrep ack 2.08
beyondgrep ack 2.06
beyondgrep ack 2.11_01
beyondgrep ack 2.11
beyondgrep ack 2.11_02
beyondgrep ack 2.02
beyondgrep ack 2.00

Debian Bug report logs - #731848 ack-grep: CVE-2013-7069: potential remote code execution via per-project ackrc files Package: ack-grep; Maintainer for ack-grep is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Source for ack-grep is src:ack (PTS, buildd, popcon) Reported by: Axel Beckert <abe@debiano ...

CWE-94 http://secunia.com/advisories/55982 http://www.securityfocus.com/bid/64196 https://github.com/petdance/ack2/issues/399 http://seclists.org/oss-sec/2013/q4/484 http://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731848 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-7069

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect