Shell Metacharacter Injection in Kiwi by SUSE
CVE-2011-3180

Currently unrated

Key Information:

Vendor

Suse
Status
Studio Extension For System Z
Studio Onsite
Kiwi
Vendor
CVE Published:
16 April 2014

What is CVE-2011-3180?

A vulnerability exists in Kiwi that allows an attacker to execute arbitrary commands by manipulating shell metacharacters in the path of an overlay file. This affects versions of Kiwi prior to 4.98.08, as well as SUSE Studio Onsite and SUSE Studio Extension for System z versions prior to their respective 1.2.1 updates. This issue poses a significant risk, as it enables unauthorized command execution, bypassing typical security controls.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2011/11/02/4
mailing-listx_refsource_MLIST
https://github.com/openSUSE/kiwi/commit/f0f74b3f6ac6d47f7...
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2011...
vendor-advisoryx_refsource_SUSE

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.