Arbitrary Command Execution Vulnerability in Kiwi for SUSE Studio Products
CVE-2011-4192

Currently unrated

Key Information:

Vendor
SUSE
CVE Published:
16 April 2014

Summary

A vulnerability in Kiwi prior to version 4.85.1, as used in SUSE Studio Onsite 1.2 and the SUSE Studio Extension for System z, permits attackers to execute arbitrary commands on the host system. Exploitation occurs through crafted input, specifically targeting the 'kiwi_oemtitle' in the '.profile' file. Proper access controls and input validation need to be enforced to mitigate this threat effectively.
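The input-validation point above, as an added example that is not Kiwi's code or its actual fix: a writer that pastes a title into a shell-sourced file inside double quotes, next to one that validates the variable name and single-quotes the value. It assumes '.profile' is a file of NAME=value lines later read with the shell's `.` command; the function names and the sample title are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not Kiwi code. Assumption: .profile holds NAME=value
# lines that a shell script later reads with ". file".

# Weak form (hypothetical): the value is pasted between double quotes, so
# $(...) and backticks inside it are expanded when the file is sourced.
write_profile_var_unsafe() {   # FILE NAME VALUE
    printf '%s="%s"\n' "$2" "$3" >> "$1"
}

# Emit VALUE as one single-quoted shell word. Nothing is expanded inside
# single quotes; an embedded ' is rewritten as '\''.
quote_sh() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Hardened form: validate the variable name, then quote the value.
write_profile_var() {          # FILE NAME VALUE
    case "$2" in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "rejected variable name: $2" >&2; return 1 ;;
    esac
    printf '%s=%s\n' "$2" "$(quote_sh "$3")" >> "$1"
}

# Source FILE in a subshell and print the value of NAME (NAME is trusted here).
read_profile_var() {           # FILE NAME
    ( . "$1" >/dev/null 2>&1; eval "printf '%s' \"\$$2\"" )
}

# Demo with a constructed title containing a harmless command substitution.
demo_title='Demo appliance $(echo INJECTED)'
weak=$(mktemp); safe=$(mktemp)
write_profile_var_unsafe "$weak" kiwi_oemtitle "$demo_title"
write_profile_var "$safe" kiwi_oemtitle "$demo_title"
echo "weak:     $(read_profile_var "$weak" kiwi_oemtitle)"
echo "hardened: $(read_profile_var "$safe" kiwi_oemtitle)"
rm -f "$weak" "$safe"
```

In the weak file the substitution runs at source time and the title comes back altered; in the hardened file the title comes back byte for byte.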
