Arbitrary Shell Command Execution Vulnerability in Crowbar Deployer Barclamp

Arbitrary Shell Command Execution Vulnerability in Crowbar Deployer Barclamp

CVE-2012-3537 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.

Learn more about our User Device Pen Test.