Oval Definition:	oval:org.mitre.oval:def:15131
Revision Date: 2014-06-23 Version: 19 Title: DSA-2302-1 bcfg2 -- missing input sanitisation Description: It has been discovered that the bcfg2 server, a configuration management server for bcfg2 clients, is not properly sanitising input from bcfg2 clients before passing it to various shell commands. This enables an attacker in control of a bcfg2 client to execute arbitrary commands on the server with root privileges. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2011-3211 DSA-2302-1 Platform(s): Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Product(s): bcfg2 Definition Synopsis Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND bcfg2 DPKG is earlier than 0.9.5.7-1.1+lenny1 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND Installed architecture is all AND bcfg2 DPKG is earlier than 1.0.1-3+squeeze1
BACK