Date: Thu, 19 May 2016 11:40:36 +0100 From: Dominic Cleal <dominic@...al.org> To: oss-security@...ts.openwall.com Cc: foreman-security@...glegroups.com Subject: CVE-2016-3728: remote code execution in Foreman smart proxy TFTP API CVE-2016-3728: remote code execution in Foreman smart proxy TFTP API The Foreman smart proxy TFTP API is vulnerable to arbitrary remote code execution, as it passes untrusted user input (the PXE template type) to the eval() function causing it to be executed. Thanks to Lukas Zapletal for reporting the issue to foreman-security. Mitigation: ensure trusted_hosts is set in /etc/foreman-proxy/settings.yml, HTTPS is in use and /etc/foreman-proxy/settings.d/tftp.yml is configured for https only (if enabled). Affects Foreman 0.2 and higher Fix released in Foreman 1.11.2, and due for 1.10.4 Patch: https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7 More information: http://theforeman.org/security.html#2016-3728 http://projects.theforeman.org/issues/14931 http://theforeman.org -- Dominic Cleal dominic@...al.org Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ