oss-sec mailing list archives
CVE-2016-3728: remote code execution in Foreman smart proxy TFTP API
From: Dominic Cleal <dominic () cleal org>
Date: Thu, 19 May 2016 11:40:36 +0100
CVE-2016-3728: remote code execution in Foreman smart proxy TFTP API

The Foreman smart proxy TFTP API is vulnerable to arbitrary remote code execution, as it passes untrusted user input (the PXE template type) to the eval() function, causing it to be executed.

Thanks to Lukas Zapletal for reporting the issue to foreman-security.

Mitigation: ensure trusted_hosts is set in /etc/foreman-proxy/settings.yml, HTTPS is in use and /etc/foreman-proxy/settings.d/tftp.yml is configured for https only (if enabled).

Affects Foreman 0.2 and higher

Fix released in Foreman 1.11.2, and due for 1.10.4

Patch: https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7

More information:
http://theforeman.org/security.html#2016-3728
http://projects.theforeman.org/issues/14931
http://theforeman.org

--
Dominic Cleal
dominic () cleal org
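The defect class the advisory describes, as an added illustration that is not Foreman's code: a request parameter naming a PXE template type is spliced into a string and handed to eval(), beside a hardened lookup that maps the untrusted name onto a fixed allow-list. The module and class names are hypothetical.

```ruby
# Added example (not from the smart-proxy code base). The handler classes and
# their module path are assumptions used only to make the lookup concrete.
module Proxy
  module TFTP
    # Hypothetical handler classes, one per PXE template type.
    class Syslinux; end
    class Pxegrub2; end
  end
end

# Weak pattern: the "type" request parameter becomes Ruby source code.
# Whatever expression the caller supplies is evaluated in the proxy process,
# which is the behaviour CVE-2016-3728 describes.
def variant_class_unsafe(type)
  eval("Proxy::TFTP::#{type}")
end

# Hardened pattern: the untrusted name only ever selects from a frozen table
# of known constants; anything else is rejected before it reaches eval,
# const_get or any other metaprogramming API.
VARIANTS = {
  'syslinux' => Proxy::TFTP::Syslinux,
  'pxegrub2' => Proxy::TFTP::Pxegrub2
}.freeze

def variant_class_safe(type)
  VARIANTS.fetch(type.to_s.downcase) do
    raise ArgumentError, "unknown PXE template type: #{type.inspect}"
  end
end

# Convenience predicate for checks: true when the hardened lookup rejects
# the supplied type name.
def safe_rejects?(type)
  variant_class_safe(type)
  false
rescue ArgumentError
  true
end
```

The same pattern applies to any parameter that selects behaviour by name: resolve it through a table of expected values, never by evaluating the string.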