CVE-2012-3537
CVE-2012-3537
The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://osvdb.org/84955https://bugzilla.novell.com/show_bug.cgi?id=774967http://secunia.com/advisories/50442https://exchange.xforce.ibmcloud.com/vulnerabilities/78041https://github.com/dellcloudedge/barclamp-deployer/pull/57https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87http://www.openwall.com/lists/oss-security/2012/08/27/5http://www.openwall.com/lists/oss-security/2012/08/27/7http://www.securityfocus.com/bid/55240