CVE-2011-3180

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-3180 at MITRE

Description

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.
CVSS v2 Scores
  National Vulnerability Database
Base Score 7.48
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

SUSE information

SUSE Bugzilla entry: 725706 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Studio Extension for System z 1.2
  • kiwi4 >= 4.85.1-0.22.9
  • kiwi4-desc-oemboot >= 4.85.1-0.22.9
  • kiwi4-desc-vmxboot >= 4.85.1-0.22.9
  • kiwi4-tools >= 4.85.1-0.22.9
  • susestudio >= 1.2.1-0.26.1
  • susestudio-common >= 1.2.1-0.26.1
  • susestudio-image-helpers >= 1.2.1-0.3.3
  • susestudio-runner >= 1.2.1-0.26.1
  • susestudio-ui-server >= 1.2.1-0.26.1
studioonsite1.2.x86-64
studioonsite1.2.s390x
SAT Patch Nr: 5535
SUSE Studio Onsite 1.2 [Appliance - Studio]
  • kiwi4 >= 4.85.1-0.22.9
  • kiwi4-desc-isoboot >= 4.85.1-0.22.9
  • kiwi4-desc-netboot >= 4.85.1-0.22.9
  • kiwi4-desc-oemboot >= 4.85.1-0.22.9
  • kiwi4-desc-vmxboot >= 4.85.1-0.22.9
  • kiwi4-doc >= 4.85.1-0.22.9
  • kiwi4-tools >= 4.85.1-0.22.9
  • susestudio >= 1.2.1-0.26.1
  • susestudio-clicfs >= 1.2.1-0.26.1
  • susestudio-common >= 1.2.1-0.26.1
  • susestudio-image-helpers >= 1.2.1-0.3.3
  • susestudio-parted >= 1.2.1-0.26.1
  • susestudio-rmds >= 1.2.1-0.26.1
  • susestudio-runner >= 1.2.1-0.26.1
  • susestudio-squashfs >= 1.2.1-0.26.1
  • susestudio-thoth >= 1.2.1-0.26.1
  • susestudio-ui-server >= 1.2.1-0.26.1
studioonsite1.2.x86-64
studioonsite1.2.s390x
SAT Patch Nr: 5535