Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.0
CVE Id: CVE-2012-3366
Last Modified: 13 Sep 2012 12:00:00
Published: 03 Jul 2012 12:40:35
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-3366

Summary

The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).

Vulnerable Systems

Application

  • Anl Bcfg2 1.2.0


References

CONFIRM - https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be

XF - bcfg2-trigger-command-execution(76616)

BID - 54217

DEBIAN - DSA-2503

SECUNIA - 49690

SECUNIA - 49629

MLIST - [bcfg-dev] 20120612 Major security flaw in Trigger plugin


Last Updated: 27 May 2016 10:56:36