Lucene search

[email protected]CVE-2012-3537

HistorySep 05, 2012 - 11:55 p.m.

CVE-2012-3537

2012-09-0523:55:02

CWE-264

[email protected]

web.nvd.nist.gov

crowbar

ohai

deployer barclamp

security

vulnerability

cve-2012-3537

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to “insecure handling of tmp files” and predictable file names.

Affected configurations

NVD

Node

dellcrowbarRange≤1.4

CPENameOperatorVersion
dell:crowbardell crowbarle1.4

CPE	Name	Operator	Version
dell:crowbar	dell crowbar	le	1.4

References

osvdb.org/84955

secunia.com/advisories/50442

www.openwall.com/lists/oss-security/2012/08/27/5

www.openwall.com/lists/oss-security/2012/08/27/7

www.securityfocus.com/bid/55240

bugzilla.novell.com/show_bug.cgi?id=774967

exchange.xforce.ibmcloud.com/vulnerabilities/78041

github.com/dellcloudedge/barclamp-deployer/pull/57

github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8

github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2012-3537

nvd1 prion1 cvelist1