Bug #14931 (Closed): CVE-2016-3728 - Arbitrary code execution via TFTP file variant parameter
Description
An arbitrary code execution vulnerability has been reported in the TFTP module, where the variant part of the URL (/tftp/<variant>/<MAC>) is passed into eval().
https://github.com/theforeman/smart-proxy/blob/1.11.1/modules/tftp/tftp_api.rb#L17
Mitigation: ensure trusted_hosts is set to only authorise Foreman hosts to use the API, and preferably only use HTTPS for better authentication.
Affects Smart Proxy 0.2 or higher.
Thanks to Lukas Zapletal for reporting to foreman-security@googlegroups.com; a CVE will be assigned shortly.
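The pattern behind this report, as an added illustration that is not Smart Proxy's own code: the handler, the `TftpVariants` classes, the `SAFE_VARIANTS` table and the `TRUSTED_HOSTS` list are all assumptions; only the URL shape `/tftp/<variant>/<MAC>`, the use of `eval()` and the `trusted_hosts` mitigation come from the report.

```ruby
# Added example, not the project's code. Class names, the allowlist and the
# trusted-host list below are assumptions for illustration.
module TftpVariants
  class Syslinux
    def self.bootfile(mac)
      "pxelinux.cfg/01-#{mac.downcase.tr(':', '-')}"
    end
  end

  class Grub2
    def self.bootfile(mac)
      "grub2/grub.cfg-01-#{mac.downcase.tr(':', '-')}"
    end
  end
end

# Vulnerable pattern the report describes: the <variant> path segment, which
# any client that can reach the API controls, is interpolated into a string
# that is then eval()'d, so it is executed as Ruby inside the proxy process.
def lookup_variant_unsafe(variant)
  eval("TftpVariants::#{variant.capitalize}")
end

# Hardened pattern: a frozen allowlist maps the only accepted variant names to
# their handler classes; any other value is rejected before reaching code.
SAFE_VARIANTS = {
  'syslinux' => TftpVariants::Syslinux,
  'grub2'    => TftpVariants::Grub2
}.freeze

def lookup_variant(variant)
  SAFE_VARIANTS.fetch(variant) do
    raise ArgumentError, "unknown TFTP variant: #{variant.inspect}"
  end
end

# The second <MAC> segment is also untrusted: accept only a well-formed address.
MAC_RE = /\A(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\z/i

# Defence in depth from the advisory's mitigation: only hosts listed in
# trusted_hosts may use the API (constructed list; the proxy reads its own).
TRUSTED_HOSTS = ['foreman.example.com'].freeze

def trusted_host?(remote_host)
  TRUSTED_HOSTS.include?(remote_host)
end

# Returns the boot file path for a request, or nil when the caller is untrusted.
def tftp_path(variant, mac, remote_host)
  return nil unless trusted_host?(remote_host)
  raise ArgumentError, "malformed MAC: #{mac.inspect}" unless MAC_RE.match?(mac)
  lookup_variant(variant).bootfile(mac)
end
```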
Updated by The Foreman Bot over 8 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/smart-proxy/pull/415 added
Updated by Dominic Cleal over 8 years ago
- Subject changed from Arbitrary code execution via TFTP file variant parameter to CVE-2016-3728 - Arbitrary code execution via TFTP file variant parameter
CVE-2016-3728 was assigned for this vulnerability.
Updated by Anonymous over 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset eef532aa668d656b9d61d9c6edf7c2505f3f43c7.
Updated by Dominic Cleal over 8 years ago
- Release set to 152