An incorrect memory management was found in the remctld and remctl-shell servers when handling commands with the sudo configuration option. For remctld, it may be possible (although appears to be difficult) for a client to execute arbitrary commands on the server. To exploit this vulnerability, the client must have access to run a command that uses the sudo configuration option. The client would then need to run the command using sudo multiple times in a single connection using keep-alive.
Created remctl tracking bugs for this issue:
Affects: fedora-all [bug 1563139]
Affects: epel-all [bug 1563140]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.