PT-2012-4665 · Bcfg2 · Bcfg2

Stpierre

Published

2012-07-03

Updated

2017-08-29

CVE-2012-3366

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions bcfg2 versions 1.2.x through 1.2.2

Description The issue allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process. This is related to the Trigger plugin in bcfg2.

Recommendations For bcfg2 versions 1.2.x through 1.2.2, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Trigger plugin to minimize the risk of exploitation. Avoid using shell metacharacters in the UUID field until the issue is resolved.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2012-3366

DSA-2503-1

Affected Products

Bcfg2

PT-2012-4665 · Bcfg2 · Bcfg2

CVE-2012-3366

Weakness Enumeration

Related Identifiers

Affected Products

References · 8