Kiwi Multiple Shell Command Injection, Shell Command Execution and HTML Injection Vulnerabilities
BID:51096
Info
| Bugtraq ID: | 51096 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-3180, CVE-2011-4192, CVE-2011-4193, CVE-2011-4195 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 16 2011 12:00AM |
| Updated: | Dec 16 2011 12:00AM |
| Credit: | SuSE |
| Vulnerable: | SuSE Studio Onsite 1.2; SuSE Studio Extension for System z 1.2; KIWI Image System; KIWI Image System 0 |
| Not Vulnerable: | |
Discussion
Kiwi is prone to multiple remote vulnerabilities, including:
1. An HTML-injection vulnerability.
2. A remote command-execution vulnerability.
3. Multiple command-injection vulnerabilities.
An attacker can exploit these issues to execute arbitrary script code within the context of the browser, steal cookie-based authentication credentials, and execute arbitrary shell commands within the context of the webserver.
Exploit / POC
Attackers can use a browser to exploit some of these issues.
Currently we are not aware of any working exploits for the remote code-execution issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- SUSE Studio Onsite Homepage (SUSE)
- Vendor Homepage (Kiwi)