Vulnerability Description
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Anl | Bcfg2 | 1.2.0 |
Related Weaknesses (CWE)
References
- http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539
- http://secunia.com/advisories/49629 (Vendor Advisory)
- http://secunia.com/advisories/49690 (Vendor Advisory)
- http://www.debian.org/security/2012/dsa-2503
- http://www.securityfocus.com/bid/54217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76616
- https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be (Patch)
FAQ
What is CVE-2012-3366?
CVE-2012-3366 is a vulnerability with a CVSS score of 9.0 (HIGH). The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bc...
How severe is CVE-2012-3366?
CVE-2012-3366 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-3366?
Check the references section above for vendor advisories and patch information. Affected products include: Anl Bcfg2.