Caldera OpenLinux DocView Meta-Character Filtering Vulnerability
docview is a proprietary package included with Caldera OpenLinux, and is licensed under the GPL. It is designed to allow viewing of man pages via an HTTP interface. It is possible to execute arbitrary commands through the interface. The interface does not sufficiently validate input, so special characters (meta-characters) can be passed through it, leading to execution of commands as the HTTP user. This makes it possible for a remote user to execute arbitrary commands, and potentially gain local access to the affected system.
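The input handling that this class of flaw calls for, as an added example: it is not docview's code, and the parameter names (`name`, `section`), the patterns and the sample requests are assumptions made for illustration. Values are matched against an allowlist rather than stripped of "bad" characters, and the result is an argument vector intended for `subprocess.run(argv, shell=False)`, so no shell parses request data.

```python
import re

# Hypothetical request parameters for a man-page viewer: a page name and an
# optional section. Allowlist patterns; anything else is rejected outright.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]{0,63}")
_SECTION_RE = re.compile(r"[1-9][a-z]{0,3}")


class RejectedInput(ValueError):
    """Raised when a request parameter fails the allowlist."""


def build_man_argv(name, section=None):
    """Return an argv list for man(1), or raise RejectedInput.

    fullmatch() is used so a trailing newline cannot slip past the pattern.
    The name must start with an alphanumeric, so it can never be read as a
    command-line option either.
    """
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise RejectedInput("invalid page name")
    argv = ["man"]
    if section is not None:
        if not isinstance(section, str) or not _SECTION_RE.fullmatch(section):
            raise RejectedInput("invalid section")
        argv.append(section)
    argv.append(name)
    return argv


def screen_requests(requests):
    """Map each (name, section) pair to its argv, or to None if rejected."""
    results = {}
    for name, section in requests:
        try:
            results[(name, section)] = build_man_argv(name, section)
        except RejectedInput:
            results[(name, section)] = None
    return results


# Constructed sample requests: two ordinary lookups and three values that
# carry characters the viewer has no reason to accept.
SAMPLES = [("printf", "3"), ("git-commit", None),
           ("ls;id", None), ("printf", "3|id"), ("-K", None)]
```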