FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

osc -- shell command injection via crafted _service files

Affected packages
osc < 0.151.0

Details

VuXML ID f450587b-d7bd-11e4-b5a4-14dae9d5a9d2
Discovery 2015-03-16
Entry 2015-03-31

SUSE Security Update reports:

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

References

CVE Name CVE-2015-0778
URL http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00012.html
URL https://bugzilla.suse.com/show_bug.cgi?id=901643
URL https://www.suse.com/security/cve/CVE-2015-0778.html