Caldera OpenLinux DocView Meta-Character Filtering Vulnerability

docview is a proprietary package included with Caldera OpenLinux, and is licensed under the GPL. It is designed to allow viewing of man pages via an HTTP interface.

It is possible to execute arbitrary commands through the interface. The interface does not sufficiently validate input, so special characters can be passed through, leading to execution of commands as the HTTP user.

This makes it possible for a remote user to execute arbitrary commands, and potentially gain local access to the affected system.
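The following is an added example, not code from docview or from this advisory. It contrasts the general defect class described above (request input concatenated into a shell command string) with an allowlist-validated argument vector for a man page viewer. The field names "name" and "section", the regular expressions and the sample values are assumptions made for illustration.

```python
import re
import shlex

# Assumed request fields: "name" and "section". The advisory does not give
# docview's real parameter names or implementation language.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]{0,63}")
SECTION_RE = re.compile(r"[1-9][a-z]{0,3}")


class RejectedInput(ValueError):
    """Raised when a request field fails the allowlist."""


def unsafe_command(name):
    # The defect class described above: user input concatenated into a
    # string that is later handed to a shell.
    return "man " + name


def shell_tokens(command):
    # Tokenise roughly as a POSIX shell would, keeping operators as tokens.
    return list(shlex.shlex(command, punctuation_chars=True))


def build_man_argv(name, section=None):
    # Allowlist rather than a meta-character blocklist: anything outside the
    # expected alphabet is rejected, and a leading "-" never reaches man(1).
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise RejectedInput("name")
    argv = ["man", "--"]
    if section is not None:
        if not isinstance(section, str) or not SECTION_RE.fullmatch(section):
            raise RejectedInput("section")
        argv.append(section)
    argv.append(name)
    # Intended for subprocess.run(argv, shell=False); no shell parses it.
    return argv


def screen(requests):
    # Split constructed (name, section) pairs into accepted argv and rejects.
    accepted, rejected = [], []
    for name, section in requests:
        try:
            accepted.append(build_man_argv(name, section))
        except RejectedInput as err:
            rejected.append((name, section, str(err)))
    return accepted, rejected
```

Rejected entries are worth logging on the server side, since a man page request containing characters outside the allowlist is a useful detection signal.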


Copyright 2010, SecurityFocus