Vulnerability Description
Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Marcus Schafer | Kiwi | <= 3.74.1 |
| Novell | Suse Studio Onsite | 1.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html
- http://support.novell.com/security/cve/CVE-2011-2649.html
- http://www.securityfocus.com/bid/49236
- https://bugzilla.novell.com/show_bug.cgi?id=701815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69284
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html
- http://support.novell.com/security/cve/CVE-2011-2649.html
- http://www.securityfocus.com/bid/49236
- https://bugzilla.novell.com/show_bug.cgi?id=701815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69284
FAQ
What is CVE-2011-2649?
CVE-2011-2649 is a vulnerability with a CVSS score of 7.5 (HIGH). Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call.
How severe is CVE-2011-2649?
CVE-2011-2649 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2649?
Check the references section above for vendor advisories and patch information. Affected products include: Marcus Schafer Kiwi, Novell Suse Studio Onsite.