Bug #14931: CVE-2016-3728 - Arbitrary code execution via TFTP file variant parameter - Smart Proxy - Foreman

Actions

Copy link

Bug #14931

closed

CVE-2016-3728 - Arbitrary code execution via TFTP file variant parameter

Added by Dominic Cleal over 8 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

High

Assignee:

Lukas Zapletal

Category:

Security

Target version:

1.10.4

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/smart-proxy/pull/415

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

An arbitrary code execution vulnerability has been reported in the TFTP module, where the variant part of the URL (/tftp/<variant>/<MAC>) is passed into eval().

https://github.com/theforeman/smart-proxy/blob/1.11.1/modules/tftp/tftp_api.rb#L17

Mitigation: ensure trusted_hosts is set to only authorise Foreman hosts to use the API, and preferably only use HTTPS for better authentication.

Affects Smart Proxy 0.2 or higher.

Thanks to Lukas Zapletal for reporting to foreman-security@googlegroups.com, a CVE will be assigned shortly.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Smart Proxy

Custom queries

Bug #14931

CVE-2016-3728 - Arbitrary code execution via TFTP file variant parameter

Updated by The Foreman Bot over 8 years ago

Updated by Dominic Cleal over 8 years ago

Updated by Anonymous over 8 years ago

Updated by Dominic Cleal over 8 years ago