Published: 03/07/2012 Updated: 29/08/2017

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

The Trigger plugin in bcfg2 1.2.x prior to 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).

Vulnerable Product	Search on Vulmon	Subscribe to Product
anl bcfg2 1.2.0

It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system to execute commands with root privileges For the stable distribution (squeeze), this problem has been fixed in version 101-3+squeeze2 For the unstable distribution (sid), this problem has been fixed in version 122-2 We recomme ...

CWE-78 http://secunia.com/advisories/49690 http://www.debian.org/security/2012/dsa-2503 http://www.securityfocus.com/bid/54217 http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539 https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be http://secunia.com/advisories/49629 https://exchange.xforce.ibmcloud.com/vulnerabilities/76616 https://nvd.nist.gov https://www.debian.org/security/./dsa-2503

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-3366

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect