Info

Disclosure

Oct 22, 2012

Discovery

Unknown

Dates

Exploit

Mar 25, 2013

Solution

Oct 22, 2012

Description

Mutiny contains a flaw that is triggered when an unspecified error occurs related to the network interface menu, which may allow a remote attacker to inject arbitrary shell commands. No further details have been provided.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Third-party Verified, Coordinated Disclosure

Solution

Upgrade to version 4.5-1.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mutiny Limited

Mutiny

4.5-1.10

References

CVE ID: 2012-3001 (see also: NVD)
Exploit Database: 24888
Secunia Advisory ID: 51094
ISS X-Force ID: 79496
CERT VU: 841851
Packet Storm: http://packetstormsecurity.com/files/120918/Mutiny-Remote-Command-Execution.html
Vendor URL: http://www.mutiny.com/images.php

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86570