Bug 1155708 - (CVE-2014-3712) CVE-2014-3712 Katello: user parameters passed to to_sym
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
low Severity low
Assigned To: Red Hat Product Security
http://projects.theforeman.org/issues...
impact=low,public=20141022,reported=2...
: Security
: 1153824
Depends On: 1155711 1155714 1161010
Blocks: 1155710
Reported: 2014-10-22 12:50 EDT by Kurt Seifried
Modified: 2014-12-05 02:39 EST
Doc Type: Bug Fix
Last Closed: 2014-12-04 00:29:29 EST
Description Kurt Seifried 2014-10-22 12:50:25 EDT
Jan Rusnacko of Red Hat reports:

Katello code exposes potential to_sym Denial of Service attack vector from user input parameters. The two places identified are:

https://github.com/Katello/katello/blob/9231e24f93fa804e557fc95637cfa2c5bb92f6a7/app/controllers/katello/content_search_controller.rb#L617

https://github.com/Katello/katello/blob/9231e24f93fa804e557fc95637cfa2c5bb92f6a7/app/controllers/katello/api/api_controller.rb#L87

This type of attack is documented here - http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/RubySymbols.html

This has been confirmed in testing by Eric Helms of Red Hat.
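
An added illustration of the issue class reported above, not Katello code and not part of the original report: a hypothetical `sort_by` request parameter converted with `to_sym`, where each distinct value adds a symbol-table entry, beside an allowlist lookup that never interns unknown input. `SORT_COLUMNS`, the handler names and the sample values are assumptions constructed for this example.

```ruby
# Added example, not Katello code. All names and sample values are hypothetical.

# Allowlist: request strings mapped to symbols that already exist in the source.
SORT_COLUMNS = {
  "name"       => :name,
  "created_at" => :created_at,
  "updated_at" => :updated_at
}.freeze

# Vulnerable pattern: every distinct client-supplied string is interned.
def unsafe_sort_column(params)
  params["sort_by"].to_sym
end

# Hardened pattern: look the string up; unknown or missing input is never
# converted and falls back to a default.
def safe_sort_column(params, default = :name)
  SORT_COLUMNS.fetch(params["sort_by"].to_s, default)
end

# True when +name+ is currently present in the interpreter's symbol table.
def interned?(name)
  Symbol.all_symbols.any? { |sym| sym.to_s == name }
end

# Feed each value through the handler (the block) and count how many values
# were absent from the symbol table before the call and present after it.
def symbols_created_by(values)
  kept = [] # hold results so created symbols stay referenced while counting
  values.count do |value|
    already = interned?(value)
    kept << yield({ "sort_by" => value })
    !already && interned?(value)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: unique values a client could send per request.
  a = Array.new(3) { |i| "demo_unlisted_a_#{i}" }
  b = Array.new(3) { |i| "demo_unlisted_b_#{i}" }
  puts "to_sym:    #{symbols_created_by(a) { |p| unsafe_sort_column(p) }} new symbols"
  puts "allowlist: #{symbols_created_by(b) { |p| safe_sort_column(p) }} new symbols"
end
```

`symbols_created_by` doubles as a regression check: run a controller's parameter handling through it in a test and require a count of zero for values outside the allowlist.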
Comment 1 Kurt Seifried 2014-10-22 12:52:46 EDT
*** Bug 1153824 has been marked as a duplicate of this bug. ***
Comment 4 Murray McAllister 2014-10-22 21:43:08 EDT
Acknowledgements:

This issue was discovered by Jan Rusnacko of Red Hat Product Security.
Comment 5 Eric Helms 2014-11-04 11:05:57 EST
Created redmine issue http://projects.theforeman.org/issues/8263 from this bug
