Local Command Execution Vulnerability in Crowbar Ohai Plugin by SUSE
CVE-2012-3537

Currently unrated

Key Information:

Vendor: Dell
Status: Crowbar
Vendor: CVE Published:; 5 September 2012

Summary

The Crowbar Ohai plugin has a vulnerability that allows local users to execute arbitrary shell commands due to improper handling of temporary files and predictable file names. Versions 1.4 and earlier of the Deployer Barclamp are particularly susceptible. This flaw opens the door for potential exploitation, leading to unauthorized access and privilege escalation for malicious users.

References

https://github.com/SUSE-Cloud/barclamp-deployer/commit/5e...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/78041

vdb-entryx_refsource_XF

http://www.openwall.com/lists/oss-security/2012/08/27/7

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Sep 5, 2012
Vulnerability Reserved
Jun 14, 2012