Red Hat Bugzilla – Bug 1255172
CVE-2015-5217 ipsilon: Input validation flaw in handling of user supplied data
Last modified: 2016-11-08 10:50:28 EST
Patrick Uiterwijk of Red Hat reports:
ipsilon does not properly sanitize user provided data in certain data fields.
Created ipsilon tracking bugs for this issue:
Affects: fedora-all [bug 1255176]
This issue was discovered by Patrick Uiterwijk of Red Hat.
It was found that Ipsilon does not properly authorize change of the name of the provider. Non-admin users could change the name to a duplicate value which could possibly lead to DoS attack.