CVE-2011-2647 - OpenCVE

Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted archive name in the list of testdrive modified files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Marcus Schafer	Kiwi
Novell	Suse Studio Onsite

Configuration 1 [-]

OR	cpe:2.3:a:marcus_schafer:kiwi::::::::
	cpe:2.3:a:novell:suse_studio_onsite:1.1:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html
http://support.novell.com/security/cve/CVE-2011-2647.html
http://www.securityfocus.com/bid/49236
https://bugzilla.novell.com/show_bug.cgi?id=700589
https://exchange.xforce.ibmcloud.com/vulnerabilities/69282

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-08-23T21:00:00

Updated: 2024-08-06T23:08:23.730Z

Reserved: 2011-07-06T00:00:00

Link: CVE-2011-2647

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-08-23T21:55:01.697

Modified: 2017-08-29T01:29:29.097

Link: CVE-2011-2647

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-08-18T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted archive name in the list of testdrive modified files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "49236", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49236"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/security/cve/CVE-2011-2647.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=700589"}, {"name": "SUSE-SU-2011:0917", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html"}, {"name": "kiwi-archive-code-execution(69282)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69282"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2647", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted archive name in the list of testdrive modified files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "49236", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49236"}, {"name": "http://support.novell.com/security/cve/CVE-2011-2647.html", "refsource": "CONFIRM", "url": "http://support.novell.com/security/cve/CVE-2011-2647.html"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=700589", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=700589"}, {"name": "SUSE-SU-2011:0917", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html"}, {"name": "kiwi-archive-code-execution(69282)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69282"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:08:23.730Z"}, "title": "CVE Program Container", "references": [{"name": "49236", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/49236"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/security/cve/CVE-2011-2647.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=700589"}, {"name": "SUSE-SU-2011:0917", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html"}, {"name": "kiwi-archive-code-execution(69282)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69282"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2647", "datePublished": "2011-08-23T21:00:00", "dateReserved": "2011-07-06T00:00:00", "dateUpdated": "2024-08-06T23:08:23.730Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:marcus_schafer:kiwi:*:*:*:*:*:*:*:*", "matchCriteriaId": "58037766-D68D-4A0F-BD93-2813F9954031", "versionEndIncluding": "3.74.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:suse_studio_onsite:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE3F94E8-31C6-4C82-AE55-767A23AE3495", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted archive name in the list of testdrive modified files."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Kiwi antes de v3.74.2, como se utiliza en SUSE Studio v1.1 antes de v1.1.4, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un nombre de archivo creado en la lista de archivos modificados de prueba."}], "id": "CVE-2011-2647", "lastModified": "2017-08-29T01:29:29.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-08-23T21:55:01.697", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/security/cve/CVE-2011-2647.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/49236"}, {"source": "cve@mitre.org", "url": "https://bugzilla.novell.com/show_bug.cgi?id=700589"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69282"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}