Page History

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a536d946170c1a17-ddd1c986-470f4fd6-9b579e57-c6396fd0e676121ffe8b6b63"><ac:plain-text-body><![CDATA[

[CVE-2010-0886]

[Sun Java Web Start Plugin Command Line Argument Injection

http://www.securitytube.net/video/1465]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="046be6782a2005b2-13610f0b-46e4416f-881b87f7-48adfee7d84461ed4fd25752"><ac:plain-text-body><![CDATA[

[CVE-2010-1826]

[Command injection in updateSharingD's handling of Mach RPC messages

http://securitytracker.com/id/1024617]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4f74d67120510245-2e7d8181-414c48a4-a62aa0b4-2288767ec325e8e9619ecd56"><ac:plain-text-body><![CDATA[

[T-472]

[Mac OS X Java Command Injection Flaw in updateSharingD Lets Local Users Gain Elevated Privileges

http://www.doecirc.energy.gov/bulletins/t-472.shtml]

]]></ac:plain-text-body></ac:structured-macro>

The CERT C Secure Coding Standard

ENV03-C. Sanitize the environment when invoking external programs

ENV04-C. Do not call system() if you do not need a command processor

The CERT C++ Secure Coding Standard

ENV03-CPP. Sanitize the environment when invoking external programs

ENV04-CPP. Do not call system() if you do not need a command processor

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3fd7f23272cd71a0-76d480a1-41b24fc2-a96b8a13-5306e5962bf1849b6d8ef3c4"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

"Injection [RST]"

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE ID 78, "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4aca9f0d3dd86006-b354f87a-4b4e4a80-b93c82c8-2c31942018d50ef3aed56d06"><ac:plain-text-body><![CDATA[

[[Chess 2007

AA. Bibliography#Chess 07]]

Chapter 5: Handling Input, "Command Injection"]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="dacceba66dc5ee6e-ba7b318f-4a9c4db1-994cbba6-d5e45c9f4e09362192d68337"><ac:plain-text-body><![CDATA[

[[OWASP 2005

AA. Bibliography#OWASP 05]]

[Reviewing Code for OS Injection

http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4a4c13cc6fe26000-c98a1ddd-42bc4e75-82e9b099-69fd5de5641eeea1c8ed487b"><ac:plain-text-body><![CDATA[

[[Permissions 2008

AA. Bibliography#Permissions 08]]

[Permissions in the Java™ SE 6 Development Kit (JDK)

http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html], Sun Microsystems, Inc. (2008)

]]></ac:plain-text-body></ac:structured-macro>