PT-2014-2167 · Suse · Suse Studio Extension For System Z+2

Thomas Biege

Published

2014-04-16

Updated

2014-04-17

CVE-2011-4195

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SUSE Studio Onsite versions 1.2 through 1.2 before 1.2.1 SUSE Studio Extension for System z versions 1.2 through 1.2 before 1.2.1 kiwi versions prior to 4.98.05

Description The issue allows attackers to execute arbitrary commands via shell metacharacters in an image name.

Recommendations For SUSE Studio Onsite version 1.2, update to version 1.2.1. For SUSE Studio Extension for System z version 1.2, update to version 1.2.1. For kiwi versions prior to 4.98.05, update to version 4.98.05 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2011-4195

Affected Products

Suse Studio Extension For System Z

Suse Studio Onsite

Kiwi

PT-2014-2167 · Suse · Suse Studio Extension For System Z+2

CVE-2011-4195

Related Identifiers

Affected Products

References · 4