Vulnerability Details CVE-2012-3366
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 88.7%
CVSS Severity
CVSS v2 Score 9.0
References
- http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539
- http://secunia.com/advisories/49629
- http://secunia.com/advisories/49690
- http://www.debian.org/security/2012/dsa-2503
- http://www.securityfocus.com/bid/54217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76616
- https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be
- http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539
- http://secunia.com/advisories/49629
- http://secunia.com/advisories/49690
- http://www.debian.org/security/2012/dsa-2503
- http://www.securityfocus.com/bid/54217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76616
- https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be