CVE-2015-0778 – Gentoo Linux Security Advisory 201603-02

https://notcve.org/view.php?id=CVE-2015-0778

16 Mar 2015 — osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. osc anterior a 0.151.0 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en un archivo _service. OSC is vulnerable to the remote execution of arbitrary code. Versions less than 0.152.0 are affected. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154257.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •