Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2012-3537
Last Modified 06 Sep 2012 12:00:00
Published 05 Sep 2012 07:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-3537

Summary

The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.

Vulnerable Systems

Application

  • Dell Crowbar 1.4


References

MISC - https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87

MISC - https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8

CONFIRM - https://github.com/dellcloudedge/barclamp-deployer/pull/57

MISC - https://bugzilla.novell.com/show_bug.cgi?id=774967

XF - crowbar-privilege-escalation(78041)

BID - 55240

MLIST - [oss-security] 20120827 Re: CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling

MLIST - [oss-security] 20120827 CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling

SECUNIA - 50442

OSVDB - 84955


Last Updated: 27 May 2016 11:00:27