Bug 1092894 (CVE-2014-3642) - CVE-2014-3642 CFME: dangerous send method in performance.rb
Summary: CVE-2014-3642 CFME: dangerous send method in performance.rb
Status: CLOSED ERRATA
Alias: CVE-2014-3642
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20141002,repor...
Keywords: Security
Depends On: 1142455 1142456
Blocks: 1092895
TreeView+ depends on / blocked
 
Reported: 2014-04-30 08:01 UTC by Kurt Seifried
Modified: 2019-06-08 20:01 UTC (History)
14 users (show)

(edit)
It was found that Red Hat CloudForms contained an insecure send method that accepted user-supplied arguments. An authenticated user could use this flaw to modify the program flow in a way that could result in privilege escalation.
Clone Of:
(edit)
Last Closed: 2014-10-02 20:30:42 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:1317 normal SHIPPED_LIVE Moderate: cfme security, bug fix, and enhancement update 2014-10-02 22:40:23 UTC

Description Kurt Seifried 2014-04-30 08:01:32 UTC
Jan Rusnacko of Red Hat reports:

current CFME code contains dangerous send in
cfme/vmdb/app/controllers/application_controller/performance.rb :

747: p_rpt.where_clause[2] =
@perf_record.send(@perf_options[:parent].underscore).id

This calls .send method on @perf_record, with argument @perf_options[:parent],
which is supplied by user:

29: @perf_options[:parent] = params[:compare_to].blank? ? nil :
params[:compare_to] if params.has_key?(:compare_to)

Comment 1 Martin Povolny 2014-08-19 13:53:22 UTC
this bug was fixed by dclarizio 2982783ab1a5432d9a63a645061986f82bb95514 in the old upstream repo

and it's fixed with the initial commit in the new repo

so this is fixed for 5.3 --> moving to to QA

Comment 3 Kurt Seifried 2014-09-17 02:21:14 UTC
Acknowledgement:

This issue was discovered by Jan Rusnacko of Red Hat Product Security.

Comment 4 Martin Prpič 2014-09-29 13:35:10 UTC
IssueDescription:

It was found that Red Hat CloudForms contained an insecure send method that accepted user-supplied arguments. An authenticated user could use this flaw to modify the program flow in a way that could result in privilege escalation.

Comment 5 errata-xmlrpc 2014-10-02 18:58:18 UTC
This issue has been addressed in the following products:

  CloudForms Management Engine 5.3

Via RHSA-2014:1317 https://rhn.redhat.com/errata/RHSA-2014-1317.html


Note You need to log in before you can comment on or make changes to this bug.