Details of VAR-201209-0147

ID

VAR-201209-0147

CVE

CVE-2012-3537

TITLE

Crowbar of Deployer Barclamp Vulnerable to arbitrary shell command execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-004097

DESCRIPTION

The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Successful exploits will result in the complete compromise of affected computers. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: Crowbar Ohai Plugin Insecure Temporary Files Security Issue SECUNIA ADVISORY ID: SA50442 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50442/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50442 RELEASE DATE: 2012-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/50442/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50442/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50442 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Crowbar, which can be exploited by malicious, local users to gain escalated privileges. SOLUTION: Fixed in the Git repository. PROVIDED AND/OR DISCOVERED BY: Thomas Biege, SUSE ORIGINAL ADVISORY: http://seclists.org/oss-sec/2012/q3/302 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2012-3537 // JVNDB: JVNDB-2012-004097 // BID: 55240 // VULHUB: VHN-56818 // PACKETSTORM: 115954

AFFECTED PRODUCTS

vendor:	dell	model:	crowbar	scope:	lte	version:	1.4	Trust: 1.8
vendor:	dell	model:	crowbar	scope:	eq	version:	1.4	Trust: 0.6

sources: JVNDB: JVNDB-2012-004097 // CNNVD: CNNVD-201208-571 // NVD: CVE-2012-3537

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3537
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3537
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201208-571
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56818
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3537
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56818
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56818 // JVNDB: JVNDB-2012-004097 // CNNVD: CNNVD-201208-571 // NVD: CVE-2012-3537

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-56818 // JVNDB: JVNDB-2012-004097 // NVD: CVE-2012-3537

THREAT TYPE

local

Trust: 1.0

sources: BID: 55240 // PACKETSTORM: 115954 // CNNVD: CNNVD-201208-571

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201208-571

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004097

PATCH

title:	dellcloudedge / barclamp - deployer - Pull in a SUSE fix for operations around discovering networking - security fix and some flow fixes	url:	https://github.com/dellcloudedge/barclamp-deployer/pull/57	Trust: 0.8
title:	SUSE-Cloud / barclamp-deployer - use secure state/tmp dir for crowbar ohai dir (bnc#774967)	url:	https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b8	Trust: 0.8
title:	SUSE-Cloud / barclamp-deployer - Fix vulnerability caused by predictable pathnames for tcpdump packet …	url:	https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8	Trust: 0.8
title:	dellcloudedge / crowbar	url:	https://github.com/dellcloudedge/crowbar	Trust: 0.8
title:	horizon-2012.1	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44495	Trust: 0.6

sources: JVNDB: JVNDB-2012-004097 // CNNVD: CNNVD-201208-571

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3537	Trust: 2.8
db:	BID	id:	55240	Trust: 2.0
db:	SECUNIA	id:	50442	Trust: 1.8
db:	OSVDB	id:	84955	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2012/08/27/7	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2012/08/27/5	Trust: 1.7
db:	JVNDB	id:	JVNDB-2012-004097	Trust: 0.8
db:	XF	id:	78041	Trust: 0.6
db:	MLIST	id:	[OSS-SECURITY] 20120827 RE: CVE REQUEST: CROWBAR OHAI PLUGIN: LOCAL PRIVILEGE (ROOT) ESCALATION DUE TO INSECURE TMP FILE HANDLING	Trust: 0.6
db:	MLIST	id:	[OSS-SECURITY] 20120827 CVE REQUEST: CROWBAR OHAI PLUGIN: LOCAL PRIVILEGE (ROOT) ESCALATION DUE TO INSECURE TMP FILE HANDLING	Trust: 0.6
db:	CNNVD	id:	CNNVD-201208-571	Trust: 0.6
db:	VULHUB	id:	VHN-56818	Trust: 0.1
db:	PACKETSTORM	id:	115954	Trust: 0.1

sources: VULHUB: VHN-56818 // BID: 55240 // JVNDB: JVNDB-2012-004097 // PACKETSTORM: 115954 // CNNVD: CNNVD-201208-571 // NVD: CVE-2012-3537

REFERENCES

url:	http://www.securityfocus.com/bid/55240	Trust: 1.7
url:	https://github.com/dellcloudedge/barclamp-deployer/pull/57	Trust: 1.7
url:	https://bugzilla.novell.com/show_bug.cgi?id=774967	Trust: 1.7
url:	https://github.com/suse-cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8	Trust: 1.7
url:	https://github.com/suse-cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2012/08/27/5	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2012/08/27/7	Trust: 1.7
url:	http://osvdb.org/84955	Trust: 1.7
url:	http://secunia.com/advisories/50442	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/78041	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3537	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3537	Trust: 0.8
url:	http://cloud.watch.impress.co.jp/docs/news/20120903_557204.html	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/78041	Trust: 0.6
url:	http://secunia.com/advisories/50442/#comments	Trust: 0.1
url:	http://seclists.org/oss-sec/2012/q3/302	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/50442/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/csi6beta	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=50442	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-56818 // JVNDB: JVNDB-2012-004097 // PACKETSTORM: 115954 // CNNVD: CNNVD-201208-571 // NVD: CVE-2012-3537

CREDITS

Thomas Biege

Trust: 0.3

sources: BID: 55240

SOURCES

db:	VULHUB	id:	VHN-56818
db:	BID	id:	55240
db:	JVNDB	id:	JVNDB-2012-004097
db:	PACKETSTORM	id:	115954
db:	CNNVD	id:	CNNVD-201208-571
db:	NVD	id:	CVE-2012-3537

LAST UPDATE DATE

2025-04-11T22:59:15.718000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56818	date:	2017-08-29T00:00:00
db:	BID	id:	55240	date:	2012-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2012-004097	date:	2012-09-07T00:00:00
db:	CNNVD	id:	CNNVD-201208-571	date:	2012-08-30T00:00:00
db:	NVD	id:	CVE-2012-3537	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56818	date:	2012-09-05T00:00:00
db:	BID	id:	55240	date:	2012-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2012-004097	date:	2012-09-07T00:00:00
db:	PACKETSTORM	id:	115954	date:	2012-08-28T06:01:00
db:	CNNVD	id:	CNNVD-201208-571	date:	2012-08-30T00:00:00
db:	NVD	id:	CVE-2012-3537	date:	2012-09-05T23:55:02.380