Vulnerability Details: CVE-2012-3537
The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.
Exploit prediction scoring system (EPSS) score for CVE-2012-3537
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2012-3537
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST |
CWE ids for CVE-2012-3537
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3537
- https://bugzilla.novell.com/show_bug.cgi?id=774967
- http://www.openwall.com/lists/oss-security/2012/08/27/7
  oss-security - Re: CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling
- http://www.securityfocus.com/bid/55240
  Dell 'Crowbar ohai' Plugin Local Privilege Escalation Vulnerability
- https://github.com/dellcloudedge/barclamp-deployer/pull/57
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78041
  Crowbar Ohai plugin privilege escalation CVE-2012-3537 Vulnerability Report
- https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8
  Exploit; Patch
- https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87
  Exploit; Patch
- http://www.openwall.com/lists/oss-security/2012/08/27/5
  oss-security - CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling
Products affected by CVE-2012-3537
- cpe:2.3:a:dell:crowbar:*:*:*:*:*:*:*:*