Bug#639243: CVE-2011-2899: remote arbitrary code execution
Guido Günther
agx at sigxcpu.org
Fri Sep 2 21:52:02 UTC 2011
On Thu, Aug 25, 2011 at 12:22:04PM +0200, Josselin Mouette wrote:
> Package: system-config-printer
> Version: 1.2.3-3
> Severity: grave
> Tags: security squeeze
>
> See https://bugzilla.redhat.com/show_bug.cgi?id=728348
>
> The pysmb.py module in system-config-printer is vulnerable to a remote
> security vulnerability.
I had a short look at the code now.
From what I see the version in squeeze uses smbc instead of invoking
nmblookup/smbclient directly. There's a leftover nmblookup in
troubleshoot/CheckPrinterSanity.py though but this only gets input from
the troubleshoot dialog.
Lenny's pysmb looks vulnerable.
Cheers,
-- Guido