Bug 1155708 (CVE-2014-3712) - CVE-2014-3712 Katello: user parameters passed to to_sym
Summary: CVE-2014-3712 Katello: user parameters passed to to_sym
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2014-3712
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://projects.theforeman.org/issues...
Whiteboard:
Duplicates: 1153824
Depends On: 1155711 1155714 1161010
Blocks: 1155710
Reported: 2014-10-22 16:50 UTC by Kurt Seifried
Modified: 2023-05-12 19:41 UTC
CC List: 10 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-12-04 05:29:29 UTC
Embargoed:



Description Kurt Seifried 2014-10-22 16:50:25 UTC
Jan Rusnacko of Red Hat reports:

Katello code exposes a potential to_sym Denial of Service attack vector from user input parameters. The two places identified are:

https://github.com/Katello/katello/blob/9231e24f93fa804e557fc95637cfa2c5bb92f6a7/app/controllers/katello/content_search_controller.rb#L617

https://github.com/Katello/katello/blob/9231e24f93fa804e557fc95637cfa2c5bb92f6a7/app/controllers/katello/api/api_controller.rb#L87

This type of attack is documented here - http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/RubySymbols.html

This has been confirmed in testing by Eric Helms of Red Hat.

Comment 1 Kurt Seifried 2014-10-22 16:52:46 UTC
*** Bug 1153824 has been marked as a duplicate of this bug. ***

Comment 4 Murray McAllister 2014-10-23 01:43:08 UTC
Acknowledgements:

This issue was discovered by Jan Rusnacko of Red Hat Product Security.

Comment 5 Eric Helms 2014-11-04 16:05:57 UTC
Created redmine issue http://projects.theforeman.org/issues/8263 from this bug

