Red Hat Bugzilla – Bug 438871
CVE-2008-1467 CenterIM passes unescaped URLs to shell
Last modified: 2008-04-24 07:43:42 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1467 to the following vulnerability:
CenterIM 4.22.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window."
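An added illustration of the defensive pattern for this bug class, not CenterIM's code and not the patch that shipped in 4.22.4: the received URL is checked against a scheme allowlist and handed to the handler as a single argv element, so no shell ever parses it. The names `url_is_acceptable` and `open_url`, the `echo` stand-in handler and the sample URL are assumptions constructed for the example.

```c
#include <spawn.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>

extern char **environ;

/* Defence in depth (hypothetical helper): accept only http(s) URLs that
 * contain no whitespace, control bytes or non-ASCII bytes. Requiring the
 * scheme prefix also means the value can never start with '-'. */
int url_is_acceptable(const char *url)
{
    const unsigned char *p;

    if (strncmp(url, "http://", 7) != 0 && strncmp(url, "https://", 8) != 0)
        return 0;
    for (p = (const unsigned char *)url; *p; p++)
        if (*p <= 0x20 || *p >= 0x7f)
            return 0;
    return 1;
}

/* Start `handler` with the URL as exactly one argument. No shell is
 * involved, so ';', '|', backticks, '$' and quotes in the URL are plain
 * bytes. Returns the handler's exit status, or -1 if the URL was rejected
 * or the handler could not be started. */
int open_url(const char *handler, const char *url)
{
    pid_t pid;
    int status;
    char *argv[] = { (char *)handler, (char *)url, NULL };

    if (!url_is_acceptable(url))
        return -1;
    if (posix_spawnp(&pid, handler, NULL, NULL, argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample: "echo" stands in for the configured browser and
     * prints the URL back unchanged, metacharacters included. */
    return open_url("echo", "http://example.invalid/a;b|c`d`$(e)");
}
```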
Patch in rawhide.
Stables will be updated in about a week, together with Yahoo IM fixes.
centerim-4.22.4-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
centerim-4.22.4-1.fc7.1 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: