foreman-proxy is vulnerable to OS command injection. The path parameter to tftp/fetch_boot_file in the TFTP module is not validated, which allows a remote attacker to inject arbitrary OS commands that are executed in the context of the foreman-proxy worker process.
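A hardened input-handling pattern for a boot-file fetch endpoint, added here as an illustration and not foreman-proxy's own code: the untrusted path parameter (the URL to fetch) is validated against an allow-list before anything runs, and the download program (wget, assumed here) is invoked with an argument array rather than through a shell.

```ruby
require 'open3'
require 'uri'

# Hypothetical allow-list of schemes a boot-file fetch may use (assumption).
ALLOWED_SCHEMES = %w[http https ftp].freeze
# Conservative character set for the parameter: no whitespace, quotes,
# backticks, pipes, semicolons or other shell metacharacters.
SAFE_URL_RE = %r{\A[A-Za-z0-9._~:/?=&%+-]+\z}

# Validates the untrusted "path" parameter. Returns the canonical URL string
# or raises ArgumentError; nothing is executed here.
def validate_fetch_url(param)
  raise ArgumentError, 'url parameter missing' if param.nil? || param.strip.empty?
  raise ArgumentError, 'url contains disallowed characters' unless param.match?(SAFE_URL_RE)
  uri = begin
    URI.parse(param)
  rescue URI::InvalidURIError
    raise ArgumentError, 'url is not parseable'
  end
  raise ArgumentError, "scheme #{uri.scheme.inspect} not allowed" unless ALLOWED_SCHEMES.include?(uri.scheme)
  raise ArgumentError, 'url has no host' if uri.host.nil? || uri.host.empty?
  uri.to_s
end

# Boolean form of the check, convenient for request filters and tests.
def safe_fetch_url?(param)
  validate_fetch_url(param)
  true
rescue ArgumentError
  false
end

# Builds the download command as an argv array: the URL reaches the program
# as one argument and is never interpreted by /bin/sh. The destination name is
# the URL's basename only, so the caller's prefix directory cannot be escaped.
def build_fetch_argv(url, dest_dir)
  name = File.basename(URI.parse(url).path.to_s)
  raise ArgumentError, 'url does not name a file' if name.empty? || %w[. .. /].include?(name)
  ['wget', '--timeout=10', '--tries=3', '-O', File.join(dest_dir, name), url]
end

# Fetches the boot file; returns the local path on success.
def fetch_boot_file(param, dest_dir)
  argv = build_fetch_argv(validate_fetch_url(param), dest_dir)
  _out, err, status = Open3.capture3(*argv) # argv form, no shell involved
  raise "download failed: #{err}" unless status.success?
  argv[4]
end
```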
projects.theforeman.org/issues/6086
rhn.redhat.com/errata/RHSA-2014-0770.html
access.redhat.com/errata/RHEA-2014:1175
access.redhat.com/errata/RHSA-2014:0770
access.redhat.com/security/cve/CVE-2014-0007
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=1105369