Bug 1333408
Summary: | CVE-2016-3728 foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter | | |
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Lukas Zapletal <lzap> |
Component: | Foreman Proxy | Assignee: | Lukas Zapletal <lzap> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | high | | |
Version: | 6.1.0 | CC: | abaron, aortega, apevec, bbuckingham, bkearney, cbillett, chrisw, cwelton, jschluet, lhh, lpeer, lzap, markmc, mburns, mmccune, ohadlevy, rbryant, rhos-maint, satellite6-bugs, sclewis, security-response-team, srevivo, tdecacqu, tjay, tlestach |
Target Milestone: | Unspecified | Keywords: | Security, Triaged |
Target Release: | Unused | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://projects.theforeman.org/issues/14931 | | |
Whiteboard: | impact=moderate,public=20160505,reported=20160505,source=upstream,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-20,rhn_satellite_6/foreman=new,openstack-foreman/foreman=new,openstack-6-installer/foreman=new | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | CVE-2016-3728 | Environment: | |
Last Closed: | 2017-09-14 16:21:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 1333378 | | |
Comment 1
Bryan Kearney
2016-05-05 14:17:58 UTC
Moving to POST since upstream bug http://projects.theforeman.org/issues/14931 has been closed. This will be fixed in 6.3. I am not expecting this to be pulled back into 6.2.z. I am closing this out.