Bug 835985 (CVE-2012-3366) - CVE-2012-3366 bcfg2: arbitrary code execution flaw in Trigger plugin
Status: CLOSED ERRATA
Alias: CVE-2012-3366
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Assignee: Red Hat Product Security
Depends On: 835987 835988
Reported: 2012-06-27 18:24 UTC by Vincent Danen
Modified: 2019-09-29 12:53 UTC

Doc Type: Bug Fix
Last Closed: 2012-12-20 17:50:51 UTC

Description Vincent Danen 2012-06-27 18:24:59 UTC
Quoting the upstream announcement [1]:


"We have found a major security flaw in the Trigger plugin that would 
allow a malicious user who has root access to a Bcfg2 client to run 
arbitrary commands on the server as the user the bcfg2-server process is 
running as by passing a malformed UUID.

This is very similar to a flaw discovered last year in a large number of 
other plugins; this instance was not fixed at that time because Trigger 
uses a different method to invoke external shell commands, and because 
Trigger previously hid all errors from trigger scripts, so tests did not 
find the issue.  As a side effect of this change, Trigger will begin 
reporting errors from triggered scripts.

This only affects the Trigger plugin; if you are not using Trigger, you 
are not affected by this flaw.  As a workaround, you can disable Trigger 
until you are able to upgrade."


This has been corrected in git [2] which will be included in the future 1.2.3 release (currently not available).

EPEL5 is using 1.1.3, for which there is no patch, so the upstream patch will need to be backported or EPEL5 will need to be upgraded to 1.2.x and patched.  Debian does have a backported patch for their 1.0.1 package which may be applicable (haven't checked if it applies) [3].

[1] http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539
[2] http://trac.mcs.anl.gov/projects/bcfg2/changeset/a524967e8d5c4c22e49cd619aed20c87a316c0be
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679272
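The kind of hardening the upstream announcement implies, as an added example that is not part of this bug report and is not Bcfg2's code: a client-supplied identifier is validated, handed to a trigger script as a single argv element with no shell involved, and script failures are reported rather than hidden. The names `validate_client_uuid`, `run_trigger`, `ECHO_SCRIPT` and `FAILING_SCRIPT` are hypothetical, the sample values are constructed, and the code assumes client identifiers are RFC 4122 UUIDs.

```python
import subprocess
import sys
import uuid

# Constructed stand-in for a trigger script: writes its one argument back out.
ECHO_SCRIPT = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])"]
# Constructed stand-in for a trigger script that fails with exit status 1.
FAILING_SCRIPT = [sys.executable, "-c", "import sys; sys.exit('trigger failed')"]


def validate_client_uuid(value):
    """Return the canonical form of a client UUID, or raise ValueError.

    Assumption: client identifiers are RFC 4122 UUIDs.
    """
    return str(uuid.UUID(value))


def run_trigger(script_argv, client_value, validate=True):
    """Run a trigger script with one client-supplied argument.

    Returns (exit_code, stdout, stderr).
    """
    arg = validate_client_uuid(client_value) if validate else client_value
    # argv is a list and shell=True is not used, so the value reaches the
    # script as one literal argument and no shell ever parses it.
    proc = subprocess.run(list(script_argv) + [arg],
                          capture_output=True, text=True, timeout=30)
    if proc.returncode != 0:
        # Surface script failures instead of discarding them.
        print("trigger exited %d: %s" % (proc.returncode, proc.stderr.strip()),
              file=sys.stderr)
    return proc.returncode, proc.stdout, proc.stderr


if __name__ == "__main__":
    good = "123e4567-e89b-12d3-a456-426614174000"  # constructed sample UUID
    odd = "client1; echo INJECTED"                 # constructed malformed value
    print(run_trigger(ECHO_SCRIPT, good))
    # Without validation the value is still only data: it comes back verbatim.
    print(run_trigger(ECHO_SCRIPT, odd, validate=False))
    try:
        run_trigger(ECHO_SCRIPT, odd)
    except ValueError as exc:
        print("rejected:", exc)
    print(run_trigger(FAILING_SCRIPT, good))
```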

Comment 1 Vincent Danen 2012-06-27 18:26:38 UTC
Created bcfg2 tracking bugs for this issue

Affects: fedora-all [bug 835987]
Affects: epel-all [bug 835988]

Comment 2 Kurt Seifried 2012-06-28 00:28:31 UTC
Added CVE as per http://www.openwall.com/lists/oss-security/2012/06/28/1

