PT-2014-2167 · Suse · Suse Studio Extension For System Z+2
Thomas Biege
·
Publicado
2014-04-16
·
Atualizado
2014-04-17
·
CVE-2011-4195
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SUSE Studio Onsite versions 1.2 through 1.2 before 1.2.1
SUSE Studio Extension for System z versions 1.2 through 1.2 before 1.2.1
kiwi versions prior to 4.98.05
Description
The issue allows attackers to execute arbitrary commands via shell metacharacters in an image name.
Recommendations
For SUSE Studio Onsite version 1.2, update to version 1.2.1.
For SUSE Studio Extension for System z version 1.2, update to version 1.2.1.
For kiwi versions prior to 4.98.05, update to version 4.98.05 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Suse Studio Extension For System Z
Suse Studio Onsite
Kiwi