CVE-2011-3211 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Affected Products (NVD)

Vendor	Product	Version
bcfg2	bcfg2	𝑥 ≤ 1.1.2
bcfg2	bcfg2	0.3.1
bcfg2	bcfg2	0.4
bcfg2	bcfg2	0.5
bcfg2	bcfg2	0.6
bcfg2	bcfg2	0.6.1
bcfg2	bcfg2	0.6.3
bcfg2	bcfg2	0.6.4
bcfg2	bcfg2	0.6.5
bcfg2	bcfg2	0.6.6
bcfg2	bcfg2	0.6.7
bcfg2	bcfg2	0.6.8
bcfg2	bcfg2	0.6.9
bcfg2	bcfg2	0.6.10
bcfg2	bcfg2	0.7.0
bcfg2	bcfg2	0.7.1
bcfg2	bcfg2	0.7.2
bcfg2	bcfg2	0.7.3
bcfg2	bcfg2	0.7.4
bcfg2	bcfg2	0.8.0
bcfg2	bcfg2	0.8.1
bcfg2	bcfg2	0.8.2
bcfg2	bcfg2	0.8.3
bcfg2	bcfg2	0.8.4
bcfg2	bcfg2	0.8.5
bcfg2	bcfg2	0.8.6.1
bcfg2	bcfg2	0.8.7
bcfg2	bcfg2	0.8.7.1
bcfg2	bcfg2	0.8.7.2
bcfg2	bcfg2	0.9.0
bcfg2	bcfg2	0.9.1d:d
bcfg2	bcfg2	0.9.2
bcfg2	bcfg2	0.9.3
bcfg2	bcfg2	0.9.4
bcfg2	bcfg2	0.9.5
bcfg2	bcfg2	0.9.5.1
bcfg2	bcfg2	0.9.5.2
bcfg2	bcfg2	0.9.5.3
bcfg2	bcfg2	0.9.5.5
bcfg2	bcfg2	0.9.5.7
bcfg2	bcfg2	0.9.6
bcfg2	bcfg2	1.0:pre1
bcfg2	bcfg2	1.0:pre2
bcfg2	bcfg2	1.0:pre4
bcfg2	bcfg2	1.0.0
bcfg2	bcfg2	1.0.1
bcfg2	bcfg2	1.1.0
bcfg2	bcfg2	1.1.1
bcfg2	bcfg2	1.2:prerelease

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

bcfg2

hardy	Fixed 0.9.5.7-1ubuntu0.1 released
lucid	Fixed 0.9.6-0ubuntu2.1.10.04.1 released
maverick	Fixed 0.9.6-0ubuntu2.1.10.10.1 released
natty	Fixed 1.1.1-2ubuntu1.2 released

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://article.gmane.org/gmane.comp.sysutils.bcfg2.devel/4318

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066071.html

http://openwall.com/lists/oss-security/2011/09/01/1

http://openwall.com/lists/oss-security/2011/09/06/1

http://secunia.com/advisories/45807

http://secunia.com/advisories/45926

http://secunia.com/advisories/46042

http://www.debian.org/security/2011/dsa-2302

http://www.securityfocus.com/bid/49414

https://bugzilla.redhat.com/show_bug.cgi?id=736279

https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53

https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7

http://article.gmane.org/gmane.comp.sysutils.bcfg2.devel/4318

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066071.html

http://openwall.com/lists/oss-security/2011/09/01/1

http://openwall.com/lists/oss-security/2011/09/06/1

http://secunia.com/advisories/45807

http://secunia.com/advisories/45926

http://secunia.com/advisories/46042

http://www.debian.org/security/2011/dsa-2302

http://www.securityfocus.com/bid/49414

https://bugzilla.redhat.com/show_bug.cgi?id=736279

https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53

https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7