CVE-2011-3211

EPSS 4.8%
Veröffentlicht 16.09.2011 12:35:13
Zuletzt bearbeitet 16.06.2026 23:32:53
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 17

NVD 49 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bcfg2 ≫ Bcfg2 Version <= 1.1.2

Bcfg2 ≫ Bcfg2 Version0.3.1

Bcfg2 ≫ Bcfg2 Version0.4

Bcfg2 ≫ Bcfg2 Version0.5

Bcfg2 ≫ Bcfg2 Version0.6

Bcfg2 ≫ Bcfg2 Version0.6.1

Bcfg2 ≫ Bcfg2 Version0.6.3

Bcfg2 ≫ Bcfg2 Version0.6.4

Bcfg2 ≫ Bcfg2 Version0.6.5

Bcfg2 ≫ Bcfg2 Version0.6.6

Bcfg2 ≫ Bcfg2 Version0.6.7

Bcfg2 ≫ Bcfg2 Version0.6.8

Bcfg2 ≫ Bcfg2 Version0.6.9

Bcfg2 ≫ Bcfg2 Version0.6.10

Bcfg2 ≫ Bcfg2 Version0.7.0

Bcfg2 ≫ Bcfg2 Version0.7.1

Bcfg2 ≫ Bcfg2 Version0.7.2

Bcfg2 ≫ Bcfg2 Version0.7.3

Bcfg2 ≫ Bcfg2 Version0.7.4

Bcfg2 ≫ Bcfg2 Version0.8.0

Bcfg2 ≫ Bcfg2 Version0.8.1

Bcfg2 ≫ Bcfg2 Version0.8.2

Bcfg2 ≫ Bcfg2 Version0.8.3

Bcfg2 ≫ Bcfg2 Version0.8.4

Bcfg2 ≫ Bcfg2 Version0.8.5

Bcfg2 ≫ Bcfg2 Version0.8.6.1

Bcfg2 ≫ Bcfg2 Version0.8.7

Bcfg2 ≫ Bcfg2 Version0.8.7.1

Bcfg2 ≫ Bcfg2 Version0.8.7.2

Bcfg2 ≫ Bcfg2 Version0.9.0

Bcfg2 ≫ Bcfg2 Version0.9.1d

Bcfg2 ≫ Bcfg2 Version0.9.2

Bcfg2 ≫ Bcfg2 Version0.9.3

Bcfg2 ≫ Bcfg2 Version0.9.4

Bcfg2 ≫ Bcfg2 Version0.9.5

Bcfg2 ≫ Bcfg2 Version0.9.5.1

Bcfg2 ≫ Bcfg2 Version0.9.5.2

Bcfg2 ≫ Bcfg2 Version0.9.5.3

Bcfg2 ≫ Bcfg2 Version0.9.5.5

Bcfg2 ≫ Bcfg2 Version0.9.5.7

Bcfg2 ≫ Bcfg2 Version0.9.6

Bcfg2 ≫ Bcfg2 Version1.0 Updatepre1

Bcfg2 ≫ Bcfg2 Version1.0 Updatepre2

Bcfg2 ≫ Bcfg2 Version1.0 Updatepre4

Bcfg2 ≫ Bcfg2 Version1.0.0

Bcfg2 ≫ Bcfg2 Version1.0.1

Bcfg2 ≫ Bcfg2 Version1.1.0

Bcfg2 ≫ Bcfg2 Version1.1.1

Bcfg2 ≫ Bcfg2 Version1.2 Updateprerelease

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.8%	0.908

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://article.gmane.org/gmane.comp.sysutils.bcfg2.devel/4318

Patch

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066071.html

http://openwall.com/lists/oss-security/2011/09/01/1

Patch

http://openwall.com/lists/oss-security/2011/09/06/1

Patch

http://secunia.com/advisories/45807

Vendor Advisory

http://secunia.com/advisories/45926

Vendor Advisory

http://secunia.com/advisories/46042

http://www.debian.org/security/2011/dsa-2302

http://www.securityfocus.com/bid/49414

https://bugzilla.redhat.com/show_bug.cgi?id=736279

Patch

https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53

Patch

https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7

Patch

https://nvd.nist.gov/vuln/detail/CVE-2011-3211

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-3211

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-3211

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2011-3211