Bug #14931

CVE-2016-3728 - Arbitrary code execution via TFTP file variant parameter

Added by Dominic Cleal 11 months ago. Updated 11 months ago.

Status:Closed
Priority:High
Assigned To:Lukas Zapletal
Category:Security
Target version:-
Difficulty:
Bugzilla link:
Found in release:
Pull request:https://github.com/theforeman/smart-proxy/pull/415
Story points:-
Velocity based estimate:-
Release:1.10.4
Release relationship:Auto

Description

An arbitrary code execution vulnerability has been reported in the TFTP module, where the variant part of the URL (/tftp/<variant>/<MAC>) is passed into eval().

https://github.com/theforeman/smart-proxy/blob/1.11.1/modules/tftp/tftp_api.rb#L17

Mitigation: ensure trusted_hosts is set to only authorise Foreman hosts to use the API, and preferably only use HTTPS for better authentication.

Affects Smart Proxy 0.2 or higher.

Thanks to Lukas Zapletal for reporting to , a CVE will be assigned shortly.
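The pattern behind this report is a URL segment being used to select a class via eval(), which turns a name lookup into arbitrary code execution. The following is an added illustration, not smart-proxy's own code or its fix: a hypothetical TftpVariants module with two stand-in handler classes (Syslinux, Pxegrub) and an assumed MAC address format, showing the eval-based lookup beside an allowlisted lookup that can only ever return one of a fixed set of classes.

```ruby
# Added example (not smart-proxy code): selecting a TFTP handler class from the
# <variant> segment of /tftp/<variant>/<MAC> safely versus via eval().
module TftpVariants
  # Hypothetical handler classes standing in for the per-variant TFTP classes.
  class Syslinux
    def self.boot_dir; 'pxelinux.cfg'; end
  end

  class Pxegrub
    def self.boot_dir; 'grub'; end
  end

  # Unsafe pattern (shown for contrast): the untrusted URL segment is
  # interpolated into eval(), so any Ruby expression in it is executed rather
  # than merely looked up as a constant name.
  def self.unsafe_lookup(variant)
    eval("TftpVariants::#{variant}")
  end

  # Allowlist: the only classes a request may ever resolve to.
  VARIANTS = {
    'syslinux' => Syslinux,
    'pxegrub'  => Pxegrub
  }.freeze

  class UnknownVariant < ArgumentError; end

  # Safe pattern: the URL segment is used only as a key into a fixed table, so
  # it is never interpreted as code; unknown keys are rejected before dispatch.
  def self.safe_lookup(variant)
    VARIANTS.fetch(variant.to_s.downcase) do
      raise UnknownVariant, "unknown TFTP variant: #{variant.inspect}"
    end
  end

  # Assumed MAC format for the <MAC> segment: six colon-separated hex octets.
  MAC_RE = /\A([0-9a-f]{2}:){5}[0-9a-f]{2}\z/i

  def self.valid_mac?(mac)
    !(MAC_RE =~ mac.to_s).nil?
  end

  # Validates both URL segments and returns the handler class and normalised
  # MAC; raises ArgumentError on any input outside the expected shapes.
  def self.resolve(variant, mac)
    raise ArgumentError, "invalid MAC: #{mac.inspect}" unless valid_mac?(mac)
    [safe_lookup(variant), mac.downcase]
  end
end

if __FILE__ == $PROGRAM_NAME
  klass, mac = TftpVariants.resolve('syslinux', '00:11:22:AA:BB:CC')
  puts "#{klass} -> #{klass.boot_dir} for #{mac}"
end
```

The point of fetch with a block is that the failure mode is explicit: a variant that is not in the table never reaches any code that could act on it, whereas the eval form happily runs whatever expression follows a valid class name.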

Associated revisions

Revision eef532aa
Added by Lukas Zapletal 11 months ago

Fixes #14931 - TFTP class instantiating fixed

History

#1 Updated by The Foreman Bot 11 months ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/smart-proxy/pull/415 added

#2 Updated by Dominic Cleal 11 months ago

  • Subject changed from Arbitrary code execution via TFTP file variant parameter to CVE-2016-3728 - Arbitrary code execution via TFTP file variant parameter

CVE-2016-3728 was assigned for this vulnerability.

#3 Updated by Anonymous 11 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Dominic Cleal 11 months ago

  • Release set to 1.10.4
