Bug 1269588 (CVE-2015-7544)
Summary: | CVE-2015-7544 redhat-support-plugin-rhev: Remote code execution by SuperUser role on hosts in RHEV | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acathrow, bazulay, bmcclain, dblechte, gklein, gscott, idith, iheim, lsurette, michal.skrivanek, rbalakri, security-response-team, sshumake, yeylon, ykaul |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
It was found that redhat-support-plugin-rhev passed a user-specified path and file name directly to the command line in the log viewer component. This could allow users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-03-09 21:45:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1313073, 1313074 | ||
Bug Blocks: | 1269590 |
Description
Adam Mariš
2015-10-07 15:59:03 UTC
Workaround: Removing the log viewer plugin will prevent exploitation of this issue. This issue has been addressed in the following products: RHEV Manager version 3.6 Via RHSA-2016:0426 https://rhn.redhat.com/errata/RHSA-2016-0426.html This functionality was added in commit b1db7cc89ac3da23c72dc97844f8be26f54973d2 on Fri Apr 18 09:32:12 2014 which was introduced in RHEV 3.4, and then removed in RHEV 3.6. Acknowledgments: Name: Alexander Wels (Red Hat) |