Summary: | <app-admin/bcfg2-1.2.2-r1 Trigger plugin remote client privilege escalation (CVE-2012-3366) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Weber (RETIRED) <xmw> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | mjinks, xmw |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://trac.mcs.anl.gov/projects/bcfg2/changeset/a524967e8d5c4c22e49cd619aed20c87a316c0be/ | ||
Whiteboard: | ~0 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Michael Weber (RETIRED)
2012-06-29 06:27:36 UTC
+*bcfg2-1.2.2-r1 (29 Jun 2012) + + 29 Jun 2012; Michael Weber <xmw@gentoo.org> +bcfg2-1.2.2-r1.ebuild, + +files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch: + Revbump to fix trigger plugin security problem (bug 424025) + + 29 Jun 2012; Michael Weber <xmw@gentoo.org> package.mask: + Mask <app-admin/bcfg2-1.2.2-r1 for security, bug 424025) +

CVE-2012-3366 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3366): The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).

Thanks, everyone. Closing noglsa for ~arch only
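Review bot: in the package.mask ChangeLog entry, "Mask <app-admin/bcfg2-1.2.2-r1 for security, bug 424025)" closes a parenthesis that was never opened; write "(bug 424025)" as the revbump entry above it does. The revbump entry could also name CVE-2012-3366 in its text rather than only in the patch filename, so the log can be searched by CVE id.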
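An added example, not bcfg2's code and not the patch referenced in this bug: the bug class named in the CVE text, where a client-supplied identifier is pasted into a shell command string, next to a hardened form that allow-lists the value and passes it as one argv element. The function names, the stand-in trigger command and the sample identifiers are assumptions made for the illustration.

```python
import re
import subprocess
import sys

# Constructed stand-in for a server-side trigger script: prints the arguments it received.
PRINT_ARGS = "import sys; print('|'.join(sys.argv[1:]))"

# Canonical textual UUID form; anything else is rejected before a process is started.
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def run_trigger_shell(client_id):
    """Vulnerable pattern: the value becomes part of a string that /bin/sh parses."""
    cmd = "echo trigger " + client_id
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_trigger_argv(client_id, validate=True):
    """Hardened pattern: validate the format, then exec with an argv list and no shell."""
    if validate and not UUID_RE.fullmatch(client_id):
        raise ValueError("client identifier is not a well-formed UUID")
    argv = [sys.executable, "-c", PRINT_ARGS, "trigger", client_id]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


if __name__ == "__main__":
    benign = "3f2b8c1e-7a4d-4e9b-9c1a-5d6e7f8a9b0c"  # constructed sample value
    hostile = "x; echo INJECTED"                      # constructed sample value
    # The shell splits the string at ';' and runs a second command.
    print(run_trigger_shell(hostile))
    # Without a shell the same bytes stay inside a single argument.
    print(run_trigger_argv(hostile, validate=False))
    # With validation on, only well-formed identifiers reach the trigger at all.
    print(run_trigger_argv(benign))
```
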