From a Debian bug (See also): "All released stable versions of the bcfg2-server contain several cases where data from the client is used in a shell command without properly escaping it first. The 1.2 prerelease series has been fixed. "At least the SSHbase plugin has been confirmed as being exploitable. This is a remote root hole, which requires that the SSHbase plugin is enabled and that the attacker has control of a bcfg2 client machine." A patch for the problem has been commited [1] upstream and backported [2] to the 1.1 series. 1: https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7 2: https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53
CVE-2011-3211 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3211): The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.
+*bcfg2-1.2.0_rc2 (11 Nov 2011) +*bcfg2-1.1.3 (11 Nov 2011) + + 11 Nov 2011; Michael Weber <xmw@gentoo.org> -bcfg2-1.1.0.ebuild, + -bcfg2-1.1.2.ebuild, +bcfg2-1.1.3.ebuild, +bcfg2-1.2.0_rc2.ebuild: + Version bump to address security issues (bug 381543) +
Thanks, folks. Closing noglsa.