Vulnerability CVE-2012-3366
Published: 2012-07-03   Modified: 2012-07-04

Description:
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).

Type:

CWE-78

 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
ANL -> Bcfg2 

 References:
https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be
http://xforce.iss.net/xforce/xfdb/76616
http://www.securityfocus.com/bid/54217
http://www.debian.org/security/2012/dsa-2503
http://secunia.com/advisories/49690
http://secunia.com/advisories/49629
http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539
Copyright 2024, cxsecurity.com

 

Back to Top