Debian · Bcfg2 · CVE-2011-3211
**Name of the Vulnerable Software and Affected Versions**
Bcfg2 versions 1.1.2 and earlier
Bcfg2 version 1.2 prerelease
**Description**
Multiple vulnerabilities in the Bcfg2 package of the Debian GNU/Linux operating system allow remote attackers to execute arbitrary commands via shell metacharacters in data received from a client. The vulnerabilities can be exploited remotely, potentially leading to a breach of the confidentiality, integrity, and availability of protected information.
**Recommendations**
For Bcfg2 versions 1.1.2 and earlier, consider disabling the reception of client data until a patch is available.
For Bcfg2 version 1.2 prerelease, restrict access to the server to minimize the risk of exploitation.
As a temporary workaround, consider validating and sanitizing all client data to prevent the execution of arbitrary commands via shell metacharacters.
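
The workaround in the last recommendation, sketched as an added example (not Bcfg2 code and not taken from the advisory): client-supplied fields are checked against an allowlist, then handed to a helper as separate arguments with no shell involved, so metacharacters are never interpreted. The field names `hostname` and `address`, the function names, and the echo helper are assumptions made for illustration.

```python
import ipaddress
import re
import subprocess
import sys

# Allowlist for a client-supplied hostname: dot-separated labels of letters,
# digits and hyphens only. Anything a shell would interpret is outside this set.
HOSTNAME_RE = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9-]{0,62}(?:\.[A-Za-z0-9][A-Za-z0-9-]{0,62})*")

class RejectedClientData(ValueError):
    """Raised when a client-supplied field fails validation."""

def validate_hostname(value):
    # fullmatch(), not match() with "$": "$" would accept a trailing newline.
    if (not isinstance(value, str) or len(value) > 253
            or not HOSTNAME_RE.fullmatch(value)):
        raise RejectedClientData("hostname: %r" % (value,))
    return value

def validate_address(value):
    # Parse instead of pattern-matching; return the canonical text form.
    try:
        if not isinstance(value, str):
            raise ValueError("not a string")
        return str(ipaddress.ip_address(value))
    except ValueError:
        raise RejectedClientData("address: %r" % (value,)) from None

def run_for_client(hostname, address, helper_argv):
    """Validate both fields, then run the helper with each as one argv entry."""
    argv = list(helper_argv) + [validate_hostname(hostname),
                                validate_address(address)]
    # shell=False with a list: no command string is ever built or parsed.
    done = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=True, timeout=10)
    return done.stdout

# Hypothetical stand-in for a server-side helper: echoes its arguments.
ECHO_HELPER = [sys.executable, "-c",
               "import sys; print('\\n'.join(sys.argv[1:]))"]

if __name__ == "__main__":
    # Constructed sample inputs: one clean pair, three carrying metacharacters.
    for host, addr in [("web01.example.org", "192.0.2.10"),
                       ("web01; id", "192.0.2.10"),
                       ("web01.example.org\n", "192.0.2.10"),
                       ("web01.example.org", "192.0.2.10 && id")]:
        try:
            print("accepted:", run_for_client(host, addr, ECHO_HELPER).split())
        except RejectedClientData as exc:
            print("rejected:", exc)
```

Validation and shell-free invocation are independent layers here: either one alone stops the metacharacter from reaching a shell, and keeping both means a gap in the allowlist does not become command execution.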