CVE-2012-4245 - The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attacke

CVE-2012-4245

Summary

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.

References

Vulnerable Configurations

cpe:2.3:a:gimp:gimp:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.13:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 07-02-2022 - 18:57)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	55089
bugtraq	20120816 GIMP Scriptfu Python Remote Command Execution
confirm	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
gentoo	GLSA-201603-01
misc	http://www.reactionpenetrationtesting.co.uk/GIMP-scriptfu-python-command-execution.html
mlist	[oss-security] 20120816 GIMP Scriptfu Python Remote Command Execution [oss-security] 20120817 Re: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution [oss-security] 20120820 RE: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution

Last major update

07-02-2022 - 18:57

Published

31-08-2012 - 18:55

Last modified

07-02-2022 - 18:57