CVE-2008-5718
netatalk - remote code execution
EPSS 1.8%
Description
The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.
How to fix CVE-2008-5718
To remediate CVE-2008-5718, upgrade the affected package to one of the fixed versions listed below.
- Debian/netatalk—upgrade to 2.0.4~beta2-1 or later
- Debian/netatalk—upgrade to 2.0.3-4+etch1 or later
- Debian/netatalk—upgrade to 2.0.3-11+lenny1 or later
Is CVE-2008-5718 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/netatalk: from 0, < 2.0.4~beta2-1
- Debian/netatalk: from 0, < 2.0.3-4+etch1
- Debian/netatalk: from 0, < 2.0.3-11+lenny1