Vulnerability Details CVE-2012-3537
The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.0%
CVSS Severity
CVSS v2 Score 4.6
References
- http://osvdb.org/84955
- http://secunia.com/advisories/50442
- http://www.openwall.com/lists/oss-security/2012/08/27/5
- http://www.openwall.com/lists/oss-security/2012/08/27/7
- http://www.securityfocus.com/bid/55240
- https://bugzilla.novell.com/show_bug.cgi?id=774967
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78041
- https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8
- https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87
- https://github.com/dellcloudedge/barclamp-deployer/pull/57
- http://osvdb.org/84955
- http://secunia.com/advisories/50442
- http://www.openwall.com/lists/oss-security/2012/08/27/5
- http://www.openwall.com/lists/oss-security/2012/08/27/7
- http://www.securityfocus.com/bid/55240
- https://bugzilla.novell.com/show_bug.cgi?id=774967
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78041
- https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8
- https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87
- https://github.com/dellcloudedge/barclamp-deployer/pull/57