Bug 735237 - bcfg2: unescaped shell commands can lead to arbitrary code execution
Summary: bcfg2: unescaped shell commands can lead to arbitrary code execution
Status: CLOSED DUPLICATE of bug 736279
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 735238 735239
TreeView+ depends on / blocked
Reported: 2011-09-01 21:34 UTC by Vincent Danen
Modified: 2019-09-29 12:47 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-09-07 21:46:49 UTC

Attachments (Terms of Use)

Description Vincent Danen 2011-09-01 21:34:29 UTC
A number of cases of unescaped client data used in shell commands were fixed in bcfg2 [1],[2].  The SSHbase plugin has been confirmed as being exploitable, which would allow a remote attacker to execute arbitrary code on the bcfg2 server if the SSHbase plugin were enabled and the attacker had control of a bcfg2 client machine.

Fixes in the 1.2 pre-release series [1] and a backport to the 1.1 series [2] are available.

[1] https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7
[2] https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53

Comment 1 Vincent Danen 2011-09-01 21:35:31 UTC
Created bcfg2 tracking bugs for this issue

Affects: fedora-all [bug 735238]
Affects: epel-all [bug 735239]

Comment 2 Fabian Affolter 2011-09-07 21:46:49 UTC

*** This bug has been marked as a duplicate of bug 736279 ***

Note You need to log in before you can comment on or make changes to this bug.