foreman-proxy: smart-proxy remote command injection

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetchbootfile...

PT-2014-3429 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.5 Foreman versions 1.5.x prior to 1.5.1 Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to the "tftp/fetch boot file" endpoint...