FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dia -- remote command execution vulnerability

Affected packages
dia < 0.96.1_6,1

Details

VuXML ID: 25eb365c-fd11-11dd-8424-c213de35965d
Discovery: 2009-01-26
Entry: 2009-02-17

Security Focus reports:

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run within the privileges of the currently logged-in user.

References

Bugtraq ID: 33448
CVE Name: CVE-2008-5984
URL: http://secunia.com/advisories/33672