735237 – bcfg2: unescaped shell commands can lead to arbitrary code execution

Bug 735237 - bcfg2: unescaped shell commands can lead to arbitrary code execution

Summary: bcfg2: unescaped shell commands can lead to arbitrary code execution

Keywords:
Status:	CLOSED DUPLICATE of bug 736279
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	735238 735239
Blocks:
TreeView+	depends on / blocked

Reported:	2011-09-01 21:34 UTC by Vincent Danen
Modified:	2019-09-29 12:47 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-09-07 21:46:49 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vincent Danen 2011-09-01 21:34:29 UTC

A number of cases of unescaped client data used in shell commands were fixed in bcfg2 [1],[2].  The SSHbase plugin has been confirmed as being exploitable, which would allow a remote attacker to execute arbitrary code on the bcfg2 server if the SSHbase plugin were enabled and the attacker had control of a bcfg2 client machine.

Fixes in the 1.2 pre-release series [1] and a backport to the 1.1 series [2] are available.

[1] https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7
[2] https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53

Comment 1 Vincent Danen 2011-09-01 21:35:31 UTC

Created bcfg2 tracking bugs for this issue

Affects: fedora-all [bug 735238]
Affects: epel-all [bug 735239]

Comment 2 Fabian Affolter 2011-09-07 21:46:49 UTC


*** This bug has been marked as a duplicate of bug 736279 ***

Note You need to log in before you can comment on or make changes to this bug.