A number of cases of unescaped client data used in shell commands were fixed in bcfg2 [1],[2]. The SSHbase plugin has been confirmed as being exploitable, which would allow a remote attacker to execute arbitrary code on the bcfg2 server if the SSHbase plugin were enabled and the attacker had control of a bcfg2 client machine. Fixes in the 1.2 pre-release series [1] and a backport to the 1.1 series [2] are available. [1] https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7 [2] https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53
Created bcfg2 tracking bugs for this issue Affects: fedora-all [bug 735238] Affects: epel-all [bug 735239]
*** This bug has been marked as a duplicate of bug 736279 ***