Bug 1333378 (CVE-2016-3728)
| Summary: | CVE-2016-3728 foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter | |||
|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> | |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | |
| Status: | CLOSED ERRATA | QA Contact: | ||
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | unspecified | CC: | abaron, aortega, apevec, ayoung, bkearney, cbillett, chrisw, jschluet, lhh, lpeer, markmc, mburns, mmccune, ohadlevy, rbryant, rhos-maint, satellite6-bugs, sclewis, sisharma, srevivo, tdecacqu, tjay, tlestach | |
| Target Milestone: | --- | Keywords: | Security | |
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: |
It was found that the “variant” parameter in the TFTP API of Foreman was passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary code with the privileges of the Foreman user.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1333405 1333408 (view as bug list) | Environment: | ||
| Last Closed: | 2016-09-19 20:26:57 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1333405, 1333408 | |||
| Bug Blocks: | 1333386 | |||
|
Description
Adam Mariš
2016-05-05 12:00:41 UTC
Acknowledgments: Name: the Foreman project Upstream: Lukas Zapletal (Red Hat) This issue has been addressed in: Satellite 6.2 In RHBA-2016:1501 |