Red Hat Bugzilla – Bug 1011824
CVE-2013-4373 JON Drift: Malicious drift file import due to insecure temporary file usage
Last modified: 2015-02-15 16:52:36 EST
A flaw was identified in how JPADriftServerBean instances stored drift files. When unpacking a given zip file, the storeFiles method creates and extracts to a predictable temporary directory. Once extracted all files in this directory are stored. This allows a local attacker to provide their own drift files to be imported into the server instance.
This issue has been addressed in following products:
Red Hat JBoss Operations Network 3.1.2
Via RHSA-2013:1448 https://rhn.redhat.com/errata/RHSA-2013-1448.html