Vulnerability CVE-2012-1095

Vulnerability Name:

CVE-2012-1095 (CCN-103013)

Assigned:

2012-02-28

Published:

2012-02-28

Updated:

2018-10-30

Summary:

osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-1095

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:0400

Source: MLIST
Type: UNKNOWN
[oss-security] 20120228 Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status

Source: MLIST
Type: UNKNOWN
[oss-security] 20120228 CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status

Source: MLIST
Type: UNKNOWN
[oss-security] 20120301 Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status

Source: CCN
Type: Bugzilla - Bug 749335
osc doesn't stop terminal control sequences

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.novell.com/show_bug.cgi?id=749335

Source: CCN
Type: Red Hat Bugzilla - Bug 798353
osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=798353

Source: XF
Type: UNKNOWN
osc-cve20121095-command-exec(103013)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2012-1095

Vulnerable Configuration:

Configuration 1:

cpe:/a:opensuse:osc:*:*:*:*:*:*:*:* (Version <= 0.133)

OR cpe:/o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:opensuse:osc:0.133:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20121095	V	CVE-2012-1095	2022-09-02
oval:org.opensuse.security:def:930	P	Security update for s390-tools (Important) (in QA)	2022-06-13
oval:org.opensuse.security:def:1441	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)	2022-03-01
oval:org.opensuse.security:def:113075	P	osc-0.155.1-2.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:10443	P	Security update for SDL2 (Important) (in QA)	2022-01-12
oval:org.opensuse.security:def:9676	P	Security update for apache2 (Important) (in QA)	2022-01-10
oval:org.opensuse.security:def:9880	P	Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container (Important) (in QA)	2022-01-03
oval:org.opensuse.security:def:10434	P	Security update for go1.17 (Moderate)	2021-12-23
oval:org.opensuse.security:def:9630	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:10706	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:9832	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:9422	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:10367	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:10364	P	Security update for java-11-openjdk (Important)	2021-11-16
oval:org.opensuse.security:def:9615	P	Security update for samba (Important)	2021-11-16
oval:org.opensuse.security:def:10171	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:org.opensuse.security:def:9413	P	Security update for busybox (Important)	2021-10-27
oval:org.opensuse.security:def:9608	P	Security update for salt (Moderate)	2021-10-27
oval:org.opensuse.security:def:26156	P	Security update for open-lldp (Moderate)	2021-10-26
oval:org.opensuse.security:def:10165	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:9600	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:10158	P	Security update for grilo (Important)	2021-10-06
oval:org.opensuse.security:def:106512	P	osc-0.155.1-2.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:10342	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:10149	P	Security update for libesmtp (Important)	2021-09-03
oval:org.opensuse.security:def:9391	P	Security update for dovecot23 (Moderate)	2021-08-31
oval:org.opensuse.security:def:10143	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:11116	P	Security update for libhts (Low)	2021-08-22
oval:org.opensuse.security:def:10135	P	Security update for fetchmail (Moderate)	2021-08-20
oval:org.opensuse.security:def:9383	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:47780	P	libsaml8-2.5.5-3.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47452	P	openssh-7.2p2-69.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47912	P	update-alternatives-1.18.4-14.216 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47466	P	perl-HTML-Parser-3.71-1.145 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48004	P	expat-2.1.0-21.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47451	P	openslp-2.0.0-17.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47587	P	curl-7.60.0-2.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48152	P	libmusicbrainz4-2.1.5-27.79 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:9757	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:26092	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:11094	P	Security update for live555 (Moderate)	2021-07-08
oval:org.opensuse.security:def:26081	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:10292	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:10681	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:9540	P	Security update for cryptctl (Important)	2021-06-23
oval:org.opensuse.security:def:26080	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:9738	P	Security update for wireshark (Important)	2021-06-22
oval:org.opensuse.security:def:10107	P	Security update for dovecot23 (Important)	2021-06-22
oval:org.opensuse.security:def:9347	P	Security update for squid (Important)	2021-06-11
oval:org.opensuse.security:def:9723	P	Security update for the Linux Kernel (Important)	2021-06-09
oval:org.opensuse.security:def:48512	P	libjpeg-turbo-1.3.1-30.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:63066	P	osc-0.162.1-1.30 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15683	P	osc-0.148.1-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10273	P	Security update for gstreamer-plugins-bad (Important)	2021-06-08
oval:org.opensuse.security:def:48366	P	apache-commons-daemon-1.0.15-4.181 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16630	P	osc-0.162.1-15.6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48577	P	mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:9521	P	Security update for pam_radius (Moderate)	2021-06-08
oval:org.opensuse.security:def:15876	P	osc-0.152.0-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48450	P	java-1_8_0-openjdk-1.8.0.101-14.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11408	P	libtasn1-3.7-2.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48608	P	python-pyOpenSSL-16.0.0-2.3.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124636	P	osc-0.162.1-15.6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16094	P	osc-0.152.0-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11430	P	pam-modules-12.1-23.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48679	P	lcms-1.19-17.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:1977	P	osc-0.162.1-1.30 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36531	P	osc-0.139.2-0.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16344	P	osc-0.158.0-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:9328	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:9511	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:10082	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:10258	P	Security update for the Linux Kernel (Important)	2021-05-18
oval:org.opensuse.security:def:9506	P	Security update for shim (Important)	2021-05-11
oval:org.opensuse.security:def:9498	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:9313	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:9691	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:9489	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:9682	P	Security update for tomcat (Important)	2021-04-01
oval:org.opensuse.security:def:9857	P	Security update for postgresql12 (Moderate)	2021-03-03
oval:org.opensuse.security:def:9858	P	Security update for python-cryptography (Important)	2021-03-03
oval:org.opensuse.security:def:9459	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:10211	P	Security update for java-1_8_0-ibm (Important)	2021-03-01
oval:org.opensuse.security:def:9850	P	Security update for java-1_8_0-openjdk (Moderate)	2021-03-01
oval:org.opensuse.security:def:10392	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:9447	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:9640	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:9704	P	Security update for ImageMagick (Moderate)	2021-01-18
oval:org.opensuse.security:def:4108	P	osc-0.162.1-15.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16944	P	osc-0.162.1-15.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:26506	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:10748	P	libjasper-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49882	P	osc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9198	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49828	P	cups-ddk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27494	P	libtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10007	P	unzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9899	P	libotr5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10831	P	osc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10572	P	mozilla-nss-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10456	P	java-1_7_1-ibm-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26284	P	Security update for taglib (Low)	2020-12-01
oval:org.opensuse.security:def:26657	P	LibVNCServer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10757	P	libmikmod-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9220	P	perl-LWP-Protocol-https on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26798	P	pam_ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27529	P	osc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10449	P	graphite2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9926	P	libtcnative-1-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9908	P	libproxy1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10457	P	java-1_8_0-ibm-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10587	P	polkit-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26365	P	Security update of chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26710	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10770	P	libpacemaker-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9266	P	syslog-service on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26812	P	python-sssd-config on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9973	P	python-cupshelpers on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10559	P	libvirt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9921	P	libsrtp1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10479	P	libXvMC-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10606	P	webkit2gtk3-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26422	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26759	P	libpng12-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26856	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9988	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10581	P	osc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10809	P	libvorbis-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9190	P	logrotate on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10525	P	libopenssl-devel on GA media (Moderate)	2020-12-01
oval:com.ubuntu.precise:def:20121095000	V	CVE-2012-1095 on Ubuntu 12.04 LTS (precise) - low.	2014-02-06

BACK