Message-ID: <573D9824.9040607@cleal.org>
Date: Thu, 19 May 2016 11:40:36 +0100
From: Dominic Cleal <dominic@...al.org>
To: oss-security@...ts.openwall.com
Cc: foreman-security@...glegroups.com
Subject: CVE-2016-3728: remote code execution in Foreman smart proxy TFTP API

CVE-2016-3728: remote code execution in Foreman smart proxy TFTP API

The Foreman smart proxy TFTP API is vulnerable to arbitrary remote code
execution, as it passes untrusted user input (the PXE template type) to
the eval() function causing it to be executed.

Thanks to Lukas Zapletal for reporting the issue to foreman-security.

Mitigation: ensure trusted_hosts is set in
/etc/foreman-proxy/settings.yml, HTTPS is in use and
/etc/foreman-proxy/settings.d/tftp.yml is configured for https only (if
enabled).

Affects Foreman 0.2 and higher
Fix released in Foreman 1.11.2, and due for 1.10.4

Patch:
https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7

More information:
http://theforeman.org/security.html#2016-3728
http://projects.theforeman.org/issues/14931
http://theforeman.org

--
Dominic Cleal
dominic@...al.org
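
The bug class described in the message above, shown as an added example that is not part of the original post and not code from the smart-proxy project: a request-supplied type string resolved through eval, next to an allowlist lookup that only ever treats it as data. The module, class and method names and the sample inputs are hypothetical and constructed for illustration.

```ruby
# Added illustration; module, class and method names are hypothetical,
# not taken from the smart-proxy code base.
module PxeHandlers
  class Syslinux; end
  class Pxegrub;  end
end

# Unsafe pattern the advisory describes: the request-supplied type is
# interpolated into a string and handed to eval, so anything following
# the constant name is run as Ruby.
def resolve_with_eval(variant)
  eval("PxeHandlers::#{variant.capitalize}")
end

# Hardened form: the type is only ever used as a key into a fixed table.
ALLOWED_VARIANTS = {
  "syslinux" => PxeHandlers::Syslinux,
  "pxegrub"  => PxeHandlers::Pxegrub
}.freeze

class UnknownVariant < StandardError; end

def resolve_with_allowlist(variant)
  key = variant.to_s.downcase
  ALLOWED_VARIANTS.fetch(key) do
    raise UnknownVariant, "unsupported PXE template type: #{key.inspect}"
  end
end

# Constructed inputs: one valid type, one with a harmless trailing statement.
$side_effect = false

def demo
  benign  = "syslinux"
  tainted = "syslinux; $side_effect = true"
  results = {}
  results[:eval_benign] = resolve_with_eval(benign)
  resolve_with_eval(tainted)               # eval runs the trailing statement
  results[:eval_ran_extra_code] = $side_effect
  results[:allow_benign] = resolve_with_allowlist(benign)
  results[:allow_tainted] =
    begin
      resolve_with_allowlist(tainted)
    rescue UnknownVariant
      :rejected                            # never reaches the interpreter
    end
  results
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```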