CVE-2011-3211

Published: 16 September 2011

The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.

Priority

Status

Package	Release	Status
bcfg2 Launchpad, Ubuntu, Debian	hardy	Released (0.9.5.7-1ubuntu0.1)
	lucid	Released (0.9.6-0ubuntu2.1.10.04.1)
	maverick	Released (0.9.6-0ubuntu2.1.10.10.1)
	natty	Released (1.1.1-2ubuntu1.2)
	upstream	Released (1.1.2-2)
	Patches: other: https://bugs.launchpad.net/ubuntu/+source/bcfg2/+bug/844743 upstream: https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1 upstream: https://github.com/fabaff/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53

References

https://www.cve.org/CVERecord?id=CVE-2011-3211
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/bcfg2/+bug/844743
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›