Vulnerability Description
The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Crowbar | <= 1.4 |
Related Weaknesses (CWE)
References
- http://osvdb.org/84955
- http://secunia.com/advisories/50442Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/08/27/5
- http://www.openwall.com/lists/oss-security/2012/08/27/7
- http://www.securityfocus.com/bid/55240
- https://bugzilla.novell.com/show_bug.cgi?id=774967
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78041
- https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889ExploitPatch
- https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de8205ExploitPatch
- https://github.com/dellcloudedge/barclamp-deployer/pull/57
- http://osvdb.org/84955
- http://secunia.com/advisories/50442Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/08/27/5
- http://www.openwall.com/lists/oss-security/2012/08/27/7
- http://www.securityfocus.com/bid/55240
FAQ
What is CVE-2012-3537?
CVE-2012-3537 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via...
How severe is CVE-2012-3537?
CVE-2012-3537 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3537?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Crowbar.