CVE-2014-3486

2014-07-07T10:55:04
ID CVE-2014-3486
Type cve
Reporter NVD
Modified 2017-01-06T22:00:01

Description

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.