CVE-2011-2649 Information

Description

Kiwi before 3.74.2 as used in SUSE Studio 1.1 before 1.1.4 allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call.

Reference

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html http://support.novell.com/security/cve/CVE-2011-2649.html http://www.securityfocus.com/bid/49236 https://bugzilla.novell.com/show_bug.cgi?id=701815 https://exchange.xforce.ibmcloud.com/vulnerabilities/69284