{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-09-22T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736279"}, {"name": "49414", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49414"}, {"name": "46042", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46042"}, {"name": "DSA-2302", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2302"}, {"name": "FEDORA-2011-12303", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html"}, {"name": "45926", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45926"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028"}, {"name": "[bcfg-dev] 20110816 Security flaw in 1.1.x; testers wanted", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://article.gmane.org/gmane.comp.sysutils.bcfg2.devel/4318"}, {"name": "45807", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45807"}, {"name": "[oss-security] 20110906 Re: CVE request for bcfg2 (remote root)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/09/06/1"}, {"name": "FEDORA-2011-12298", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066071.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53"}, {"name": "[oss-security] 20110901 CVE request for bcfg2 (remote root)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/09/01/1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:29:55.407Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736279"}, {"name": "49414", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/49414"}, {"name": "46042", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46042"}, {"name": "DSA-2302", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2302"}, {"name": "FEDORA-2011-12303", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html"}, {"name": "45926", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45926"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028"}, {"name": "[bcfg-dev] 20110816 Security flaw in 1.1.x; testers wanted", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://article.gmane.org/gmane.comp.sysutils.bcfg2.devel/4318"}, {"name": "45807", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45807"}, {"name": "[oss-security] 20110906 Re: CVE request for bcfg2 (remote root)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/09/06/1"}, {"name": "FEDORA-2011-12298", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066071.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53"}, {"name": "[oss-security] 20110901 CVE request for bcfg2 (remote root)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/09/01/1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3211", "datePublished": "2011-09-15T20:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-06T23:29:55.407Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bcfg2:bcfg2:*:*:*:*:*:*:*:*", "matchCriteriaId": "77A928D8-07DE-4B90-AA9E-92DCEC76CFFA", "versionEndIncluding": "1.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "887E6F86-C2E3-4C99-A221-4DA23AFEB670", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7A6AD1D6-A82B-4755-A6F3-3F2880BCC58C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B2A17178-D13C-4C7A-AA8D-57FD0504DBC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "EDEC3F72-1EF4-4019-A4D5-22435A53C969", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8F9DDADC-7ED2-40B7-A7BF-59C6EA76682B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "3ED2D839-B25E-4CA4-B482-A7930515776F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "EE8C9539-9F13-4A2B-AEF2-790A30E6B4F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "6DA64795-89BF-454F-AF68-11748F37BBD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E2918A6E-E9AD-4C75-B348-ED6F4F69264C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "21315AD3-773A-470E-A201-D5184A84DC87", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "E136795E-7FE9-4EEC-9D5C-81F3CCBEFB3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "384A9EA5-63D3-4B66-A53B-B31F6716F265", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "5A1DEE63-F95C-409C-9063-A89CF9AB6023", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "62523B2D-4412-45AF-B0EC-E6E00F711F74", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "32729C3F-2D4C-4EA3-B44A-9E04020D4D67", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A25D6157-5431-4A6C-80C9-C3DEDFBB3C30", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "EECD2B05-2497-4B40-939B-46539F9F91B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "292F346B-DC6F-4FBF-B2B9-860122B1CC98", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "735F5DD0-0E9F-4A75-8528-71B23C08EE3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CFFE471-CF69-40C6-ACEB-5D7EFDB3A882", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5953E395-69E9-49CA-BC04-15E083E27230", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "C02A1EA0-1AB6-4D3F-9295-CEE9FA48D6FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0247382E-5E59-4D86-8AD3-790E46FF4A1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "AAC82467-8528-458A-9AA8-9ADB42554F02", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1D64218-1FCC-4587-8839-B72C6681FBC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F387C3A-D7B2-4308-9CAE-9F425DDF3C34", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9523B97E-89F6-42AA-BF35-2F2D14111C5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "C13577D8-DF81-4583-AE44-BDC28FC7FF90", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "035CB0CB-5BD9-49D5-AAFA-6FA6DE6A304B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.1d:*:*:*:*:*:*:*", "matchCriteriaId": "E94EDC70-1E55-4EE0-9D4F-D651860A747E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "2286469A-B930-494E-A149-C93C002DE829", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "EFFA6DF0-48D2-4A74-B4A6-96461BCD2032", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "FDAFDE21-457F-4940-B5DA-C82BDE33E276", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "6DD0755D-F58B-4145-A415-423872DE2666", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "75752F84-08E8-4CD9-84FA-6270D5D32B16", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "473AC1DE-E521-4281-8F9D-ED1402518644", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "09447F81-211B-49E0-907E-4ECAD0F83883", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "F3DA85BD-68AD-408E-8376-520896DF3E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A06908AC-9F4A-4FA5-BC70-73B9D65B6B3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "A67B14D0-0824-417F-AB98-09FB0DB9DBF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "93070B16-C4EC-43C0-B7AC-780B0726E603", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "2C2B2EBC-C594-422A-AFBF-E533449F06B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.0:pre4:*:*:*:*:*:*", "matchCriteriaId": "0D35FC9A-9B30-478A-81F7-282AE84FA331", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "41654280-40DE-4D8D-BB30-E4EB30B6C1CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "548B1801-0D47-4C9C-A408-3186189D1FF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F7508FC-2FA3-484A-98E7-F4B5436F1944", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "500BD528-099E-447D-BD5F-0D7AEA8540FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.2:prerelease:*:*:*:*:*:*", "matchCriteriaId": "04CB1E12-2E59-42CE-AABE-CDC470A20B6E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client."}, {"lang": "es", "value": "El servidor en Bcfg2 1.1.2 y versiones anteriores, y 1.2 prerelease, permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de meta-caracteres de shell en datos recibidos del cliente."}], "id": "CVE-2011-3211", "lastModified": "2011-09-23T03:34:34.677", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-09-16T12:35:13.573", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://article.gmane.org/gmane.comp.sysutils.bcfg2.devel/4318"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066071.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/09/01/1"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/09/06/1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45807"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45926"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/46042"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2302"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49414"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736279"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}