{
  "threat_severity" : "Moderate",
  "public_date" : "2011-07-30T00:00:00Z",
  "bugzilla" : {
    "description" : "system-config-printer: possible arbitrary code execution in pysmb.py due to improper escaping of hostnames",
    "id" : "728348",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=728348"
  },
  "cvss" : {
    "cvss_base_score" : "5.1",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2011-08-23T00:00:00Z",
    "advisory" : "RHSA-2011:1196",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "system-config-printer-0:0.6.116.10-1.6.el4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2011-08-23T00:00:00Z",
    "advisory" : "RHSA-2011:1196",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "system-config-printer-0:0.7.32.10-1.el5_7.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "system-config-printer",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-2899\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-2899" ],
  "name" : "CVE-2011-2899",
  "csaw" : false
}