oss-sec mailing list archives

CVE-2016-3728: remote code execution in Foreman smart proxy TFTP API


From: Dominic Cleal <dominic () cleal org>
Date: Thu, 19 May 2016 11:40:36 +0100

CVE-2016-3728: remote code execution in Foreman smart proxy TFTP API

The Foreman smart proxy TFTP API is vulnerable to arbitrary remote code
execution, as it passes untrusted user input (the PXE template type) to
the eval() function causing it to be executed.

Thanks to Lukas Zapletal for reporting the issue to foreman-security.

Mitigation: ensure trusted_hosts is set in
/etc/foreman-proxy/settings.yml, HTTPS is in use and
/etc/foreman-proxy/settings.d/tftp.yml is configured for https only (if
enabled).

Affects Foreman 0.2 and higher
Fix released in Foreman 1.11.2, and due for 1.10.4

Patch:
https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7

More information:
http://theforeman.org/security.html#2016-3728
http://projects.theforeman.org/issues/14931
http://theforeman.org

-- 
Dominic Cleal
dominic () cleal org
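
The advisory describes a request value (the PXE template type) reaching eval(). The following is an added illustration, not code from the smart-proxy source or the linked patch: it contrasts that pattern with a fixed allowlist lookup. The module, class, constant and method names are hypothetical.

```ruby
# Added illustration; module, class and method names are hypothetical
# and are not taken from the smart-proxy code base.
module TftpExample
  class Syslinux; end
  class Pxegrub;  end

  # Fixed mapping from the request's template type to a handler class.
  HANDLERS = {
    "syslinux" => Syslinux,
    "pxegrub"  => Pxegrub
  }.freeze

  class UnknownTemplateType < ArgumentError; end

  # Unsafe pattern of the kind the advisory describes: the request value
  # is interpolated into Ruby source and evaluated. Shown for contrast
  # only; nothing in this example calls it.
  def self.handler_unsafe(type)
    eval("TftpExample::#{type.capitalize}.new")
  end

  # Hardened form: the request value is only ever used as a hash key.
  # Anything outside the allowlist is rejected before a class is touched.
  def self.handler_safe(type)
    klass = HANDLERS[type.to_s.downcase]
    unless klass
      raise UnknownTemplateType, "unsupported template type: #{type.inspect}"
    end
    klass.new
  end

  # Boolean form for request validation at the API boundary.
  def self.supported?(type)
    HANDLERS.key?(type.to_s.downcase)
  end
end
```

A hash lookup also rejects names of classes that exist but are not template handlers, which a constant lookup by name would not.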
