CVE-2011-3180
SUSE Studio Extension for System z 1.2,SUSE Studio Onsite 1.2 [Appliance - Studio]
CVE-2011-3180, security advisory, novell, suse linux, suse, security, cve

CVE-2011-3180

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-3180 at MITRE

Description

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.48
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

This issue is currently rated as having critical severity.

SUSE Bugzilla entry: 725706 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Studio Onsite Runner 1.2
  • kiwi4 >= 4.85.1-0.22.9
  • kiwi4-desc-oemboot >= 4.85.1-0.22.9
  • kiwi4-desc-vmxboot >= 4.85.1-0.22.9
  • kiwi4-tools >= 4.85.1-0.22.9
  • susestudio >= 1.2.1-0.26.1
  • susestudio-common >= 1.2.1-0.26.1
  • susestudio-image-helpers >= 1.2.1-0.3.3
  • susestudio-runner >= 1.2.1-0.26.1
  • susestudio-ui-server >= 1.2.1-0.26.1
Patchnames:
slestso12-susestudio-201112
SUSE Studio Extension for System z 1.2
  • kiwi4 >= 4.85.1-0.22.9
  • kiwi4-desc-oemboot >= 4.85.1-0.22.9
  • kiwi4-desc-vmxboot >= 4.85.1-0.22.9
  • kiwi4-tools >= 4.85.1-0.22.9
  • susestudio >= 1.2.1-0.26.1
  • susestudio-common >= 1.2.1-0.26.1
  • susestudio-image-helpers >= 1.2.1-0.3.3
  • susestudio-runner >= 1.2.1-0.26.1
  • susestudio-ui-server >= 1.2.1-0.26.1
studioonsite1.2.x86-64
studioonsite1.2.s390x
SAT Patch Nr: 5535
SUSE Studio Onsite 1.2 [Appliance - Studio]
  • kiwi4 >= 4.85.1-0.22.9
  • kiwi4-desc-isoboot >= 4.85.1-0.22.9
  • kiwi4-desc-netboot >= 4.85.1-0.22.9
  • kiwi4-desc-oemboot >= 4.85.1-0.22.9
  • kiwi4-desc-vmxboot >= 4.85.1-0.22.9
  • kiwi4-doc >= 4.85.1-0.22.9
  • kiwi4-tools >= 4.85.1-0.22.9
  • susestudio >= 1.2.1-0.26.1
  • susestudio-clicfs >= 1.2.1-0.26.1
  • susestudio-common >= 1.2.1-0.26.1
  • susestudio-image-helpers >= 1.2.1-0.3.3
  • susestudio-parted >= 1.2.1-0.26.1
  • susestudio-rmds >= 1.2.1-0.26.1
  • susestudio-runner >= 1.2.1-0.26.1
  • susestudio-squashfs >= 1.2.1-0.26.1
  • susestudio-thoth >= 1.2.1-0.26.1
  • susestudio-ui-server >= 1.2.1-0.26.1
studioonsite1.2.x86-64
studioonsite1.2.s390x
SAT Patch Nr: 5535