CVE-2011-3211

{"id": "CVE-2011-3211", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-09-16T12:35:13.573", "references": [{"url": "http://article.gmane.org/gmane.comp.sysutils.bcfg2.devel/4318", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066071.html", "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2011/09/01/1", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2011/09/06/1", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45807", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45926", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/46042", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2011/dsa-2302", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/49414", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=736279", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7", "tags": ["Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client."}, {"lang": "es", "value": "El servidor en Bcfg2 1.1.2 y versiones anteriores, y 1.2 prerelease, permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de meta-caracteres de shell en datos recibidos del cliente."}], "lastModified": "2011-09-23T03:34:34.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bcfg2:bcfg2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77A928D8-07DE-4B90-AA9E-92DCEC76CFFA", "versionEndIncluding": "1.1.2"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "887E6F86-C2E3-4C99-A221-4DA23AFEB670"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A6AD1D6-A82B-4755-A6F3-3F2880BCC58C"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2A17178-D13C-4C7A-AA8D-57FD0504DBC5"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDEC3F72-1EF4-4019-A4D5-22435A53C969"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F9DDADC-7ED2-40B7-A7BF-59C6EA76682B"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ED2D839-B25E-4CA4-B482-A7930515776F"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE8C9539-9F13-4A2B-AEF2-790A30E6B4F2"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DA64795-89BF-454F-AF68-11748F37BBD1"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2918A6E-E9AD-4C75-B348-ED6F4F69264C"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21315AD3-773A-470E-A201-D5184A84DC87"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E136795E-7FE9-4EEC-9D5C-81F3CCBEFB3D"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "384A9EA5-63D3-4B66-A53B-B31F6716F265"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A1DEE63-F95C-409C-9063-A89CF9AB6023"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62523B2D-4412-45AF-B0EC-E6E00F711F74"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32729C3F-2D4C-4EA3-B44A-9E04020D4D67"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A25D6157-5431-4A6C-80C9-C3DEDFBB3C30"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EECD2B05-2497-4B40-939B-46539F9F91B6"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "292F346B-DC6F-4FBF-B2B9-860122B1CC98"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "735F5DD0-0E9F-4A75-8528-71B23C08EE3F"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CFFE471-CF69-40C6-ACEB-5D7EFDB3A882"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5953E395-69E9-49CA-BC04-15E083E27230"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C02A1EA0-1AB6-4D3F-9295-CEE9FA48D6FD"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0247382E-5E59-4D86-8AD3-790E46FF4A1F"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAC82467-8528-458A-9AA8-9ADB42554F02"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1D64218-1FCC-4587-8839-B72C6681FBC1"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F387C3A-D7B2-4308-9CAE-9F425DDF3C34"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9523B97E-89F6-42AA-BF35-2F2D14111C5D"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.8.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C13577D8-DF81-4583-AE44-BDC28FC7FF90"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "035CB0CB-5BD9-49D5-AAFA-6FA6DE6A304B"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.1d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E94EDC70-1E55-4EE0-9D4F-D651860A747E"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2286469A-B930-494E-A149-C93C002DE829"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFFA6DF0-48D2-4A74-B4A6-96461BCD2032"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDAFDE21-457F-4940-B5DA-C82BDE33E276"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DD0755D-F58B-4145-A415-423872DE2666"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75752F84-08E8-4CD9-84FA-6270D5D32B16"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "473AC1DE-E521-4281-8F9D-ED1402518644"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09447F81-211B-49E0-907E-4ECAD0F83883"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3DA85BD-68AD-408E-8376-520896DF3E85"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06908AC-9F4A-4FA5-BC70-73B9D65B6B3B"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:0.9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A67B14D0-0824-417F-AB98-09FB0DB9DBF4"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.0:pre1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93070B16-C4EC-43C0-B7AC-780B0726E603"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.0:pre2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C2B2EBC-C594-422A-AFBF-E533449F06B6"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.0:pre4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D35FC9A-9B30-478A-81F7-282AE84FA331"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41654280-40DE-4D8D-BB30-E4EB30B6C1CD"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "548B1801-0D47-4C9C-A408-3186189D1FF7"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F7508FC-2FA3-484A-98E7-F4B5436F1944"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "500BD528-099E-447D-BD5F-0D7AEA8540FA"}, {"criteria": "cpe:2.3:a:bcfg2:bcfg2:1.2:prerelease:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04CB1E12-2E59-42CE-AABE-CDC470A20B6E"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}