1629063 – (CVE-2018-14643) CVE-2018-14643 smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature

Bug 1629063 (CVE-2018-14643) - CVE-2018-14643 smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature

Summary: CVE-2018-14643 smart_proxy_dynflow: Authentication bypass in Foreman remote e...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-14643
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1629003 1630489 1630490 1630491 1630492
Blocks:	1629064
TreeView+	depends on / blocked

Reported:	2018-09-14 18:55 UTC by Pedro Sampaio
Modified:	2021-02-16 23:03 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.
Clone Of:
Environment:
Last Closed:	2018-10-17 14:41:43 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:2733	0	None	None	None	2018-09-20 17:21:10 UTC

Description Pedro Sampaio 2018-09-14 18:55:00 UTC

A vulnerability was discovered in the Foreman Remote Execution feature, allowing an unauthorized remote attacker to perform arbitrary code execution on managed hosts. The issue affects the component smart_proxy_dynflow 0.1.8 and later (Foreman >= 1.15, Satellite >= 6.3)

Introducing commit:

https://github.com/theforeman/smart_proxy_dynflow/commit/cb7b0b5c9b602f737ab4c6e9fb47c158241cf49c#diff-6dee70f4339cfc3dd8cedfc2a34f14c2

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1629003

Comment 6 Richard Maciel Costa 2018-09-18 19:26:35 UTC

Mitigation:

Disable Smart Proxy Dynflow by setting the :enabled: option to false in the /etc/foreman-proxy/settings.d/dynflow.yml file.

Comment 7 Richard Maciel Costa 2018-09-19 13:21:52 UTC

Acknowledgments:

Name: Ivan Necas (Red Hat)

Comment 9 errata-xmlrpc 2018-09-20 17:21:04 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.3 for RHEL 7

Via RHSA-2018:2733 https://access.redhat.com/errata/RHSA-2018:2733

Comment 10 Klaas Demter 2018-09-20 17:28:24 UTC

Is there an upstream fix?

Comment 11 Klaas Demter 2018-09-20 19:20:39 UTC

https://github.com/theforeman/smart_proxy_dynflow/pull/54

Note You need to log in before you can comment on or make changes to this bug.