Package: bcfg2-server Version: 1.1.2-1 Severity: critical Tags: security pending patch
All released stable versions of the bcfg2-server contain several cases where data from the client is used in a shell command without properly escaping it first. The 1.2 prerelease series has been fixed. At least the SSHbase plugin has been confirmed as being exploitable. This is a remote root hole, which requires that the SSHbase plugin is enabled and that the attacker has control of a bcfg2 client machine. See https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7 for the original security fix, and https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53 for the backport to the 1.1 series. -- Arto Jantunen -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
