Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4195

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-4195
Last Modified 17 Apr 2014 10:20:13
Published 16 Apr 2014 02:37:11
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4195

Summary

kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name.

Vulnerable Systems

Application

  • Suse Kiwi 4.98.04

  • Suse Studio Extension For System Z 1.2

  • Suse Studio Onsite 1.2


References

CONFIRM - https://github.com/openSUSE/kiwi/commit/88bf491d16942766016c606e4210b4e072c1019f

MLIST - [oss-security] 20111102 kiwi shell meta char injection

SUSE - SUSE-SU-2011:1324


Last Updated: 27 May 2016 11:05:01