Red Hat Bugzilla – Bug 1333378
CVE-2016-3728 foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter
Last modified: 2016-09-20 20:26:52 EDT
It was reported that TFTP API module in Smart Proxy is vulnerable to remote code execution via "variant" parameter, which is used to instantiate an implementation class using eval() on the user supplemented input.
Service is usually restricted in a default Foreman installation by requiring client SSL certificates and enforcing access to a configured list of trusted hosts, but may also be configured openly. The TFTP module is enabled in default installation, but may be disabled. Affected versions are 0.2 and higher.
Name: the Foreman project
Upstream: Lukas Zapletal (Red Hat)
This issue has been addressed in: