CVE-2012-3537 Information

Description

The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar possibly 1.4 and earlier allows local users to execute arbitrary shell commands via vectors related to \insecure handling of tmp files\ and predictable file names.

Reference

http://osvdb.org/84955 http://secunia.com/advisories/50442 http://www.openwall.com/lists/oss-security/2012/08/27/5 http://www.openwall.com/lists/oss-security/2012/08/27/7 http://www.securityfocus.com/bid/55240 https://bugzilla.novell.com/show_bug.cgi?id=774967 https://exchange.xforce.ibmcloud.com/vulnerabilities/78041 https://github.com/dellcloudedge/barclamp-deployer/pull/57 https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8 https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87