Arbitrary Command Execution via SMB Server in pysmb.py

Arbitrary Command Execution via SMB Server in pysmb.py

CVE-2011-2899 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.

Learn more about our Cis Benchmark Audit For Apple Ios.