CVE-2016-3728 - Arbitrary code execution via TFTP file variant parameter
Assigned To: Lukas Zapletal
Pull request: https://github.com/theforeman/smart-proxy/pull/415
An arbitrary code execution vulnerability has been reported in the TFTP module: the variant segment of the URL (/tftp/<variant>/<MAC>) is passed directly into eval().
Mitigation: ensure trusted_hosts is set so that only Foreman hosts are authorised to use the API, and preferably use HTTPS only, for stronger client authentication.
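The safe replacement for an eval()-based dispatch is an explicit allow-list: the variant from the URL is used only as a key into a fixed table of handlers, and both the variant and the MAC are validated before any handler runs. The following is an added illustration, not smart-proxy's own code or the fix in the linked pull request; the variant names and the path layouts each handler produces are assumptions chosen for the example.

```ruby
# Added example: dispatching /tftp/<variant>/<MAC> through an allow-list
# instead of eval(). The vulnerable shape described in the advisory is,
# in effect, eval("<variant>...") with <variant> taken straight from the URL,
# so any string an unauthenticated client sends is evaluated as Ruby.
#
# Here the untrusted string never reaches an interpreter: it is only a Hash
# key, and unknown keys are rejected before any code path is chosen.

# Assumed variant names and path conventions, for illustration only.
TFTP_VARIANTS = {
  'syslinux' => ->(mac) { "pxelinux.cfg/01-#{mac}" },
  'pxegrub'  => ->(mac) { "grub/menu.lst.01#{mac.delete('-').upcase}" },
  'pxegrub2' => ->(mac) { "grub2/grub.cfg-01-#{mac}" },
}.freeze

# Colon-separated MAC, six hex octets, case-insensitive.
MAC_RE = /\A(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\z/i

class UnknownVariant < StandardError; end
class BadMac < StandardError; end

# Look the variant up in the fixed table; anything else is refused.
# The returned lambda is the only thing that ever gets called.
def select_variant(variant)
  handler = TFTP_VARIANTS[variant]
  raise UnknownVariant, 'unsupported TFTP variant' unless handler
  handler
end

# Validate the MAC and normalise it to lower-case, dash-separated form.
def normalize_mac(mac)
  raise BadMac, 'malformed MAC address' unless MAC_RE.match?(mac)
  mac.downcase.tr(':', '-')
end

# Compute the per-host TFTP config path for a request.
def tftp_path(variant, mac)
  handler = select_variant(variant)
  handler.call(normalize_mac(mac))
end

# Convenience predicate: does this (variant, mac) pair get refused?
def rejected?(variant, mac)
  tftp_path(variant, mac)
  false
rescue UnknownVariant, BadMac
  true
end

if __FILE__ == $PROGRAM_NAME
  puts tftp_path('syslinux', 'AA:BB:CC:DD:EE:FF')
  puts rejected?('not-a-variant', 'aa:bb:cc:dd:ee:ff')
end
```

Because the lambda is selected from a frozen constant rather than built from request data, the set of reachable code is fixed at load time, which is the property eval() on a URL segment can never give you. A request with an unknown variant fails closed with a 4xx-class error instead of being interpreted.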
Affects Smart Proxy 0.2 or higher.
Thanks to Lukas Zapletal for reporting to email@example.com, a CVE will be assigned shortly.