Red Hat Bugzilla – Bug 888518
CVE-2012-5646 openshift-origin-node-util: restorer.php preg_match shell code injection
Last modified: 2013-01-22 16:50:44 EST
Michael Scherer (firstname.lastname@example.org) reports:
The file https://github.com/openshift/origin-server/blob/master/node-util/www/html/restorer.php,
used to restore an application after being idle, fails to safely handle
user-supplied data that is later used on the command line.
Created attachment 665754
This issue was discovered by Michael Scherer of the Red Hat Regional IT team.
This issue has been addressed in the following products:
RHEL 6 Version of OpenShift Enterprise
Via RHSA-2013:0148 https://rhn.redhat.com/errata/RHSA-2013-0148.html
This issue has been addressed in OpenShift Online.
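The bug class named in the summary (input checked with preg_match, then placed on a command line) is illustrated below. This is an added example and does not reproduce the code in restorer.php or its fix. The 32-hex-character identifier format, the function names and the command path are all assumptions made for the illustration.

```php
<?php
// Added illustration of the bug class; NOT the code from restorer.php.
// RESTORE_CMD is a hypothetical placeholder, not a real OpenShift path.
const RESTORE_CMD = '/usr/local/bin/restore-app';

// Weak check: the pattern is unanchored, so preg_match succeeds as soon as
// any substring looks like an identifier. The rest of the input is never
// inspected and would reach the shell untouched.
function weak_is_valid(string $id): bool
{
    return preg_match('/[0-9a-f]{32}/', $id) === 1;
}

// Strict check: \A and \z pin the pattern to the whole string. \z is used
// instead of $ because $ also matches just before a trailing newline.
function strict_is_valid(string $id): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/', $id) === 1;
}

// Build the command only from input that passed the strict check, and
// still quote it with escapeshellarg() as a second layer.
function build_restore_command(string $id): string
{
    if (!strict_is_valid($id)) {
        throw new InvalidArgumentException('rejected identifier');
    }
    return RESTORE_CMD . ' ' . escapeshellarg($id);
}

// Constructed sample inputs (assumed identifier format: 32 hex characters).
$good = str_repeat('a1', 16);
$samples = [
    $good,               // well-formed
    $good . "\n",        // trailing newline: accepted by the weak check only
    $good . '; echo x',  // extra shell text: accepted by the weak check only
];

foreach ($samples as $s) {
    printf(
        "%-42s weak=%-5s strict=%s\n",
        json_encode($s),
        var_export(weak_is_valid($s), true),
        var_export(strict_is_valid($s), true)
    );
}

echo build_restore_command($good), "\n";
```

Only the first sample passes the strict check; the weak check accepts all three, which is how unvalidated text ends up on a command line.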