Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 1 Sep 2011 22:00:26 +0100
From: Jonathan Wiltshire <jmw@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request for bcfg2 (remote root)

Hi,

A bug report in Debian has come to light for which I can find no other
information, and therefore I do not believe it has a CVE - but probably
should.

From http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028 :

"All released stable versions of the bcfg2-server contain several cases
where data from the client is used in a shell command without properly
escaping it first. The 1.2 prerelease series has been fixed.

"At least the SSHbase plugin has been confirmed as being exploitable.
This is a remote root hole, which requires that the SSHbase plugin is
enabled and that the attacker has control of a bcfg2 client machine."

A patch for the problem has been commited [1] upstream and backported [2] to
the 1.1 series.

1: https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7
2: https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53

Please CC me, I am not subscribed.

Thanks,

-- 
Jonathan Wiltshire                                      jmw@...ian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ