CVE-2003-1538

Published: Dec 31, 2003Modified: Apr 16, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries.

Affected (4)

Products: Suse: Office Server, Suse Linux, Suse Linux Openexchange Server

Suse

3 products

Office Server

Suse Linux

Suse Linux Openexchange Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Suse Office Server	All versions
Suse Suse Linux	Version 8.1
Suse Suse Linux	Version 8
Suse Suse Linux Openexchange Server	Version 4.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://secunia.com/advisories/7906

Source: cve@mitre.org

PatchVendor Advisory

http://www.novell.com/linux/security/advisories/2003_005_susehelp.html

Source: cve@mitre.org

http://www.securitytracker.com/id?1005954

Source: cve@mitre.org

Patch

http://secunia.com/advisories/7906

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.novell.com/linux/security/advisories/2003_005_susehelp.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1005954

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.