CVE-2012-3366 - Actuated Hinge

Description

The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).

Reference

http://secunia.com/advisories/49690 http://www.debian.org/security/2012/dsa-2503 http://www.securityfocus.com/bid/54217 http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539 https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be http://secunia.com/advisories/49629 https://exchange.xforce.ibmcloud.com/vulnerabilities/76616