Arbitrary Command Execution via Path Manipulation in Kiwi

CVE-2011-3180 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.
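
The bug class described above, as an added example (not kiwi's code, which this page does not include): a path interpolated into a shell command line for chown, beside the argument-vector form that removes the shell. The file name, the marker command and the function names are constructed for illustration, and everything runs inside a temporary directory.

```python
import os
import subprocess
import tempfile

# Constructed overlay file name: the text after ';' is a harmless marker command.
SAMPLE_NAME = "motd; touch INJECTED"

def chown_unsafe(path, owner, cwd):
    """Bug pattern: the path is pasted into a string that /bin/sh parses."""
    proc = subprocess.run(f"chown {owner} {path}", shell=True, cwd=cwd,
                          capture_output=True)
    return proc.returncode

def chown_safe(path, owner, cwd):
    """Hardened form: argument vector, no shell; '--' ends option parsing."""
    proc = subprocess.run(["chown", owner, "--", path], cwd=cwd,
                          capture_output=True)
    return proc.returncode

def run_case(chown_fn):
    """Apply chown_fn to SAMPLE_NAME in a fresh temp dir and report what happened."""
    with tempfile.TemporaryDirectory() as overlay:
        target = os.path.join(overlay, SAMPLE_NAME)
        open(target, "w").close()
        st = os.stat(target)
        owner = f"{st.st_uid}:{st.st_gid}"  # keep current owner, so no root is needed
        rc = chown_fn(SAMPLE_NAME, owner, overlay)
        injected = os.path.exists(os.path.join(overlay, "INJECTED"))
    return {"rc": rc, "marker_created": injected}

if __name__ == "__main__":
    print("unsafe:", run_case(chown_unsafe))  # shell splits at ';' and runs touch
    print("safe:  ", run_case(chown_safe))    # whole name is one chown argument
```

In the unsafe case the shell's exit status is that of the last command, so a caller checking only the return code sees success even though chown itself failed.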