Incorrect memory management was found in the remctld and remctl-shell servers when handling commands with the sudo configuration option. For remctld, it may be possible (although it appears to be difficult) for a client to execute arbitrary commands on the server. To exploit this vulnerability, the client must have access to run a command that uses the sudo configuration option. The client would then need to run the command using sudo multiple times in a single connection using keep-alive.

External References:
https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html

Upstream patch:
https://git.eyrie.org/?p=kerberos/remctl.git;a=commit;h=86c7e44090c988112a37589d2c7a94029eb5e641
Created remctl tracking bugs for this issue:
Affects: fedora-all [bug 1563139]
Affects: epel-all [bug 1563140]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.