CVE-2012-3366

{"id": "CVE-2012-3366", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-03T16:40:35.007", "references": [{"url": "http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/49629", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/49690", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2012/dsa-2503", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/54217", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76616", "source": "secalert@redhat.com"}, {"url": "https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/49629", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/49690", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2012/dsa-2503", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/54217", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76616", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server)."}, {"lang": "es", "value": "El 'plugin' Trigger en bcfg2 v1.2.x antes de v1.2.3 permite ejecutar comandos de su elecci\u00f3n a atacantes remotos con acceso de root v\u00eda \"metacaracteres shell\" en el campo UUID para el proceso de servidor (bcfg2-server)."}], "lastModified": "2024-11-21T01:40:43.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:anl:bcfg2:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFEC6B25-9318-4304-B66D-B1C3E734A7ED"}, {"criteria": "cpe:2.3:a:anl:bcfg2:1.2.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17868C9C-72E4-4BC2-BCEC-A97DD6CBFE08"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}