CVSS2: 4.6 Medium (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AI Score: 7.4 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 5.1%)

The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to “insecure handling of tmp files” and predictable file names.

CPE | Name | Operator | Version |
---|---|---|---|
dell:crowbar | dell crowbar | le | 1.4 |

osvdb.org/84955
secunia.com/advisories/50442
www.openwall.com/lists/oss-security/2012/08/27/5
www.openwall.com/lists/oss-security/2012/08/27/7
www.securityfocus.com/bid/55240
bugzilla.novell.com/show_bug.cgi?id=774967
exchange.xforce.ibmcloud.com/vulnerabilities/78041
github.com/dellcloudedge/barclamp-deployer/pull/57
github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8
github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87