CVE-2012-3366 - OpenCVE

The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Anl	Bcfg2

Configuration 1 [-]

OR	cpe:2.3:a:anl:bcfg2:1.2.0:::::::*
	cpe:2.3:a:anl:bcfg2:1.2.0:rc2::::::

References

Link	Resource
http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539
http://secunia.com/advisories/49629	Vendor Advisory
http://secunia.com/advisories/49690	Vendor Advisory
http://www.debian.org/security/2012/dsa-2503
http://www.securityfocus.com/bid/54217
https://exchange.xforce.ibmcloud.com/vulnerabilities/76616
https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-03T16:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3366

JSON object: View

NVD Information

Status : Modified

Published: 2012-07-03T16:40:35.007

Modified: 2017-08-29T01:31:54.507

Link: CVE-2012-3366

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:anl:bcfg2:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFEC6B25-9318-4304-B66D-B1C3E734A7ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:anl:bcfg2:1.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "17868C9C-72E4-4BC2-BCEC-A97DD6CBFE08", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server)."}, {"lang": "es", "value": "El 'plugin' Trigger en bcfg2 v1.2.x antes de v1.2.3 permite ejecutar comandos de su elecci\u00f3n a atacantes remotos con acceso de root v\u00eda \"metacaracteres shell\" en el campo UUID para el proceso de servidor (bcfg2-server)."}], "id": "CVE-2012-3366", "lastModified": "2017-08-29T01:31:54.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-03T16:40:35.007", "references": [{"source": "secalert@redhat.com", "url": "http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49629"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49690"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2503"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/54217"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76616"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}