Описание
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.
Отчет
Red Hat does not consider this to be a security flaw. The GIMP scriptfu server works as intended and should not be enabled in production environments as it was not designed to have any kind of security protection.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gimp | Will not fix | ||
| Red Hat Enterprise Linux 6 | gimp | Will not fix |
Показывать по
Дополнительная информация
5.1 Medium
CVSS2
Связанные уязвимости
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.
The scriptfu network server in GIMP 2.6 does not require authenticatio ...
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.
5.1 Medium
CVSS2