CVE-2012-3366

bcfg2 1.2.x < 1.2.3 - Authenticated Remote Code Execution via Trigger Plugin UUID Field

Description

The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).

References (7)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2503
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49690
Various Sources mailing-list x_refsource_mlist
http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54217
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49629
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/76616

Scores

EPSS 0.0382
EPSS Percentile 88.8%

Details

CWE CWE-78
Status published
Products (1)
anl/bcfg2 1.2.0 (2 CPE variants)
Published Jul 03, 2012
Tracked Since Feb 18, 2026