PT-2012-4665 · Bcfg2 · Bcfg2
Stpierre
·
Publicado
2012-07-03
·
Atualizado
2017-08-29
·
CVE-2012-3366
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
bcfg2 versions 1.2.x through 1.2.2
Description
The issue allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the
UUID field to the server process. This is related to the Trigger plugin in bcfg2.Recommendations
For bcfg2 versions 1.2.x through 1.2.2, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Trigger plugin to minimize the risk of exploitation. Avoid using shell metacharacters in the
UUID field until the issue is resolved.Correção
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bcfg2