Lucene search

[email protected]CVE-2012-3366

HistoryJul 03, 2012 - 4:40 p.m.

CVE-2012-3366

2012-07-0316:40:00

CWE-78

[email protected]

web.nvd.nist.gov

cve-2012-3366

bcfg2

trigger plugin

remote attackers

root access

arbitrary commands

shell metacharacters

security vulnerability

nvd

7.3 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.3%

JSON

The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).

CPENameOperatorVersion
anl:bcfg2anl bcfg2eq1.2.0

CPE	Name	Operator	Version
anl:bcfg2	anl bcfg2	eq	1.2.0

References

permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539

secunia.com/advisories/49629

secunia.com/advisories/49690

www.debian.org/security/2012/dsa-2503

www.securityfocus.com/bid/54217

exchange.xforce.ibmcloud.com/vulnerabilities/76616

github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be

Social References

7.3 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for CVE-2012-3366

prion1 nessus3 securityvulns2 openvas6 cvelist1 debiancve1 fedora2 debian1 ubuntucve1