Unescaped shell command vulnerabilities
Bug #844743 reported by
Julian Taylor
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bcfg2 (Debian) |
Fix Released
|
Unknown
|
|||
bcfg2 (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Hardy |
Fix Released
|
High
|
Unassigned | ||
Lucid |
Fix Released
|
High
|
Unassigned | ||
Maverick |
Fix Released
|
High
|
Unassigned | ||
Natty |
Fix Released
|
High
|
Unassigned | ||
Oneiric |
Fix Released
|
High
|
Unassigned |
Bug Description
imported from debian bug 640028:
All released stable versions of the bcfg2-server contain several cases
where data from the client is used in a shell command without properly
escaping it first. The 1.2 prerelease series has been fixed.
At least the SSHbase plugin has been confirmed as being exploitable.
This is a remote root hole, which requires that the SSHbase plugin is
enabled and that the attacker has control of a bcfg2 client machine.
See
https:/
for the original security fix, and
https:/
for the backport to the 1.1 series.
--
Arto Jantunen
Related branches
CVE References
Changed in bcfg2 (Ubuntu): | |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in bcfg2 (Ubuntu Lucid): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in bcfg2 (Ubuntu Maverick): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in bcfg2 (Ubuntu Natty): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in bcfg2 (Ubuntu Oneiric): | |
status: | Confirmed → Triaged |
Changed in bcfg2 (Ubuntu Hardy): | |
status: | New → Triaged |
importance: | Undecided → High |
visibility: | private → public |
Changed in bcfg2 (Debian): | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res