Bug 1629063 (CVE-2018-14643) - CVE-2018-14643 smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature
Summary: CVE-2018-14643 smart_proxy_dynflow: Authentication bypass in Foreman remote e...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-14643
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1629003 1630489 1630490 1630491 1630492
Blocks: 1629064
TreeView+ depends on / blocked
 
Reported: 2018-09-14 18:55 UTC by Pedro Sampaio
Modified: 2019-09-29 14:58 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.
Clone Of:
Environment:
Last Closed: 2018-10-17 14:41:43 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2733 None None None 2018-09-20 17:21:10 UTC

Description Pedro Sampaio 2018-09-14 18:55:00 UTC
A vulnerability was discovered in the Foreman Remote Execution feature, allowing an unauthorized remote attacker to perform arbitrary code execution on managed hosts. The issue affects the component smart_proxy_dynflow 0.1.8 and later (Foreman >= 1.15, Satellite >= 6.3)

Introducing commit:

https://github.com/theforeman/smart_proxy_dynflow/commit/cb7b0b5c9b602f737ab4c6e9fb47c158241cf49c#diff-6dee70f4339cfc3dd8cedfc2a34f14c2

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1629003

Comment 6 Richard Maciel Costa 2018-09-18 19:26:35 UTC
Mitigation:

Disable Smart Proxy Dynflow by setting the :enabled: option to false in the /etc/foreman-proxy/settings.d/dynflow.yml file.

Comment 7 Richard Maciel Costa 2018-09-19 13:21:52 UTC
Acknowledgments:

Name: Ivan Necas (Red Hat)

Comment 9 errata-xmlrpc 2018-09-20 17:21:04 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.3 for RHEL 7

Via RHSA-2018:2733 https://access.redhat.com/errata/RHSA-2018:2733

Comment 10 Klaas Demter 2018-09-20 17:28:24 UTC
Is there an upstream fix?


Note You need to log in before you can comment on or make changes to this bug.