Bug 736279 (CVE-2011-3211)
| Field | Value |
|---|---|
| Summary | CVE-2011-3211 bcfg2 (bcfg2-server): Privilege escalation due to improper escaping of shell command data sent from client, when SSHbase plug-in enabled |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED UPSTREAM |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Keywords | Security |
| Reporter | Jan Lieskovsky <jlieskov> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | jeff, rcvalle, vdanen |
| Doc Type | Bug Fix |
| Target Milestone | --- |
| Target Release | --- |
| Last Closed | 2012-06-06 10:11:15 UTC |
| Bug Depends On | 736281, 736282 |
Description

Jan Lieskovsky, 2011-09-07 09:07:31 UTC

This issue affects the versions of the bcfg2 package, as shipped with Fedora releases 14 and 15. Please schedule an update.

This issue affects the versions of the bcfg2 package, as present within EPEL-5 and EPEL-6 repositories. Please schedule an update.

--

For the bcfg2 package version, as present within the EPEL-4 repository, it is not definitely clear if this version is affected (the relevant code is slightly different in that version, so if affected, the aforementioned upstream patches [4], [5] would need to be backported to the older 0.9.6 version present in EPEL-4).

Jeffrey, for EPEL-4 could you please have a look && confirm if the EPEL-4 bcfg2 version is affected by this issue or not? And if affected, could you schedule an update / rebase for the EPEL-4 version too?

Thanks, Jan.

--
Jan iankko Lieskovsky / Red Hat Security Response Team

Created bcfg2 tracking bugs for this issue
Affects: fedora-all [bug 736281]

Created bcfg2 tracking bugs for this issue
Affects: epel-all [bug 736282]

*** Bug 735237 has been marked as a duplicate of this bug. ***

bcfg2-1.1.3-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

bcfg2-1.1.3-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
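The summary classifies this bug as "improper escaping of shell command data sent from client": a configuration-management server, typically running as root, builds a shell command from a value the (less trusted) client supplies, so a hostile client can smuggle extra commands into it. The following is an added illustration of that vulnerability class, not bcfg2's own code and not the upstream fix; this page does not show the affected SSHbase code. It assumes a hypothetical server-side helper that runs `ssh-keygen` for a client-reported hostname, and the hostnames, key path and `/tmp/pwned` payload are constructed sample data.

```python
import re
import shlex
import subprocess

# Constructed sample inputs: a normal client hostname and a hostile one.
BENIGN_HOST = "web01.example.com"
HOSTILE_HOST = "web01.example.com; touch /tmp/pwned #"

# Hypothetical key directory used only for this illustration.
KEY_DIR = "/var/lib/keys/"

# RFC 1123-style hostname: labels of letters, digits and hyphens, dot-separated.
_HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$"
)


def build_command_unsafe(hostname):
    """Vulnerable pattern: client data interpolated straight into a shell string.

    With HOSTILE_HOST the ';' ends ssh-keygen's command and the shell runs
    'touch /tmp/pwned' as the server user; the '#' comments out the rest.
    """
    return "ssh-keygen -q -f %s%s -N '' -C root@%s" % (KEY_DIR, hostname, hostname)


def is_valid_hostname(hostname):
    """Allow-list check: reject anything that is not a plain DNS hostname."""
    return len(hostname) <= 253 and _HOSTNAME_RE.match(hostname) is not None


def build_command_safe(hostname):
    """Hardened pattern: validate the client value, then pass an argv list.

    No shell is involved, so metacharacters in the hostname are inert even if
    validation were ever loosened.
    """
    if not is_valid_hostname(hostname):
        raise ValueError("rejected hostname from client: %r" % (hostname,))
    return ["ssh-keygen", "-q", "-f", KEY_DIR + hostname,
            "-N", "", "-C", "root@" + hostname]


def build_command_quoted(hostname):
    """Fallback when a shell string is unavoidable: quote every client-derived
    piece with shlex.quote so the shell sees it as a single word."""
    return "ssh-keygen -q -f %s -N '' -C %s" % (
        shlex.quote(KEY_DIR + hostname), shlex.quote("root@" + hostname))


def shell_command_count(cmd):
    """Count how many commands a POSIX shell would see in cmd, by tokenising it
    the way the shell does (quotes respected, '#' comments dropped) and counting
    unquoted ';' separators."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    tokens = list(lexer)
    return tokens.count(";") + 1


def run_keygen(hostname, dry_run=True):
    """Validate and, unless dry_run, execute ssh-keygen without a shell."""
    argv = build_command_safe(hostname)
    if not dry_run:
        subprocess.run(argv, check=True)
    return argv


if __name__ == "__main__":
    for host in (BENIGN_HOST, HOSTILE_HOST):
        unsafe = build_command_unsafe(host)
        print("unsafe:  %r -> %d command(s)" % (unsafe, shell_command_count(unsafe)))
        quoted = build_command_quoted(host)
        print("quoted:  %r -> %d command(s)" % (quoted, shell_command_count(quoted)))
        try:
            print("argv:    %r" % (run_keygen(host),))
        except ValueError as exc:
            print("argv:    %s" % exc)
```

The two defences are independent: the argv form removes the shell from the picture entirely, and the allow-list rejects a hostname that could never be legitimate before it reaches a filename or a comment field. Relying on `shlex.quote` alone only closes the shell-parsing hole; a hostname such as `../../etc/ssh/ssh_host_rsa_key` would still be quoted "correctly" and still land in the wrong file, which is why the validation step stays in front of it.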