Project

General

Custom queries

Profile

Actions
Copy link

Bug #14931

closed

CVE-2016-3728 - Arbitrary code execution via TFTP file variant parameter

Added by Dominic Cleal about 9 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
High
Assignee:
Lukas Zapletal
Category:
Security
Target version:
1.10.4
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/smart-proxy/pull/415
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

An arbitrary code execution vulnerability has been reported in the TFTP module, where the variant part of the URL (/tftp/<variant>/<MAC>) is passed into eval().

https://github.com/theforeman/smart-proxy/blob/1.11.1/modules/tftp/tftp_api.rb#L17

Mitigation: ensure trusted_hosts is set to only authorise Foreman hosts to use the API, and preferably only use HTTPS for better authentication.

Affects Smart Proxy 0.2 or higher.

Thanks to Lukas Zapletal for reporting to , a CVE will be assigned shortly.

Actions
Copy link
 #2

Updated by Dominic Cleal about 9 years ago

  • Subject changed from Arbitrary code execution via TFTP file variant parameter to CVE-2016-3728 - Arbitrary code execution via TFTP file variant parameter

CVE-2016-3728 was assigned for this vulnerability.

Actions
Copy link
 #3

Updated by Anonymous about 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF