Shell Command Injection Vulnerability in kiwi by SUSE
CVE-2011-4195

Currently unrated

Key Information:

Vendor: Suse
Status: Studio Extension For System Z; Studio Onsite; Kiwi
Vendor: CVE Published:; 16 April 2014

Summary

The vulnerability in kiwi allows attackers to execute arbitrary commands by injecting shell metacharacters within an image name. This weakness can lead to unauthorized command execution, potentially compromising the integrity of the system. It affects versions of kiwi prior to 4.98.05, as well as earlier versions of SUSE Studio Onsite and SUSE Studio Extension for System z. Users are encouraged to apply necessary updates to mitigate the risks associated with this vulnerability.

References

http://www.openwall.com/lists/oss-security/2011/11/02/4

mailing-listx_refsource_MLIST

https://github.com/openSUSE/kiwi/commit/88bf491d169427660...

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2011...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Apr 16, 2014
Vulnerability Reserved
Oct 25, 2011