Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3180

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-3180
Last Modified 17 Apr 2014 09:36:38
Published 16 Apr 2014 02:37:09
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3180

Summary

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

Vulnerable Systems

Application

  • Suse Kiwi 4.98.07

  • Suse Studio Extension For System Z 1.2

  • Suse Studio Onsite 1.2


References

CONFIRM - https://github.com/openSUSE/kiwi/commit/f0f74b3f6ac6d47f7919aa9db380c0ad41ffe55f#

MLIST - [oss-security] 20111102 kiwi shell meta char injection

SUSE - SUSE-SU-2011:1324


Last Updated: 27 May 2016 11:05:00