Red Hat update for CloudForms

ID: IRCAD2013092859
Release Date: 2013-09-04
Criticality level: Highly critical
 
Software:
Red Hat CloudForms
 
Description:
Red Hat has issued an update for Red Hat CloudForms. This fixes multiple vulnerabilities, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.
1) Input passed via the "filename" GET parameter to "agent/log" (when "id" is set to a host guid) is not properly sanitised before being used. This can be exploited to e.g. create arbitrary files via directory traversal sequences.
Successful exploitation of this vulnerability requires knowledge of a valid host guid.
2) Input passed via the "filename" GET parameter to "agent/upload" (when "data", "md5", and "version" is set) is not properly sanitised before being used. This can be exploited to e.g. create arbitrary files via directory traversal sequences.
3) Input passed via the "filename" GET parameter to "agent/linuxpkgs" (when "data" and "md5" is set) is not properly sanitised before being used. This can be exploited to e.g. create and execute arbitrary files with root privileges via directory traversal sequences.
 
Solution:
Updated packages are available via the Red Hat Network.
 
References:
RHSA-2013:1206-1:
 
Secunia:

 
Creation date: 18 Shahrivar 1392
