CVE-2012-3366 Information

Description

The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).

Reference

http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539 http://secunia.com/advisories/49629 http://secunia.com/advisories/49690 http://www.debian.org/security/2012/dsa-2503 http://www.securityfocus.com/bid/54217 https://exchange.xforce.ibmcloud.com/vulnerabilities/76616 https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be