Date: Tue, 6 Sep 2011 16:41:36 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Jonathan Wiltshire <jmw@...ian.org>, coley <coley@...re.org>
Subject: Re: CVE request for bcfg2 (remote root)

Please use CVE-2011-3211

Thanks.

-- 
    JB


----- Original Message -----
> Hi,
> 
> A bug report in Debian has come to light for which I can find no other
> information, and therefore I do not believe it has a CVE - but probably
> should.
> 
> From http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028 :
> 
> "All released stable versions of the bcfg2-server contain several cases
> where data from the client is used in a shell command without properly
> escaping it first. The 1.2 prerelease series has been fixed.
> 
> "At least the SSHbase plugin has been confirmed as being exploitable.
> This is a remote root hole, which requires that the SSHbase plugin is
> enabled and that the attacker has control of a bcfg2 client machine."
> 
> A patch for the problem has been committed [1] upstream and backported
> [2] to the 1.1 series.
> 
> 1: https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7
> 2: https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53
> 
> Please CC me, I am not subscribed.
> 
> Thanks,
> 
> --
> Jonathan Wiltshire jmw@...ian.org
> Debian Developer http://people.debian.org/~jmw
> 
> 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
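
Added example, not part of the original thread and not bcfg2's code: a minimal Python illustration of the flaw class the quoted bug report describes (client-supplied data used in a shell command without escaping), next to an argv-list call and a hostname check. The function names, the `echo` stand-in command and the sample client names are assumptions constructed for illustration.

```python
import re
import subprocess

# Hostname syntax check (RFC 1123 style labels); an assumption about what a
# server would accept as a client name, not taken from bcfg2.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(r"%s(?:\.%s)*" % (LABEL, LABEL))

# Constructed sample inputs.
GOOD_NAME = "client1.example.com"
HOSTILE_NAME = "client1.example.com; echo INJECTED"


def is_valid_hostname(name):
    """Return True only for syntactically valid hostnames."""
    return len(name) <= 253 and HOSTNAME_RE.fullmatch(name) is not None


def run_via_shell(client_name):
    """Flawed pattern: the client value is pasted into a shell command line,
    so the shell re-parses it and shell metacharacters take effect."""
    cmd = "echo root@%s" % client_name  # 'echo' stands in for the real tool
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_via_argv(client_name):
    """Hardened pattern: no shell; the value is exactly one argv element."""
    argv = ["echo", "root@" + client_name]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def run_checked(client_name):
    """Validate first, then use the argv form (defence in depth)."""
    if not is_valid_hostname(client_name):
        raise ValueError("rejected client name: %r" % client_name)
    return run_via_argv(client_name)


if __name__ == "__main__":
    print("shell, hostile:", run_via_shell(HOSTILE_NAME))
    print("argv,  hostile:", run_via_argv(HOSTILE_NAME))
    print("valid hostname?", is_valid_hostname(HOSTILE_NAME))
```

With the argv form the hostile value is carried as literal data in a single argument; the validation step rejects it before any process is started.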
