RHSA-2014:0770 - Security Advisory

Topic

An updated foreman-proxy package that fixes one security issue is now
available for Red Hat Enterprise Linux OpenStack Platform 3.0 and 4.0.

The Red Hat Security Response Team has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP,
and Puppet settings, and can be used as part of Foreman.

A shell command injection flaw was found in the way foreman-proxy verified
URLs in the TFTP module. A remote attacker could use this flaw to execute
arbitrary shell commands on the system with the privileges of the user
running foreman-proxy. (CVE-2014-0007)

This issue was discovered by Lukas Zapletal of Red Hat.

Note that for Red Hat Enterprise Linux OpenStack Platform 3.0, Foreman was
released as a Technology Preview. More information about Red Hat Technology
Previews is available at
https://access.redhat.com/site/support/offerings/techpreview/

All foreman-proxy users are advised to upgrade to this updated package,
which corrects this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat OpenStack 4.0 x86_64
• Red Hat OpenStack grizzly x86_64

Fixes

• BZ - 1105369 - CVE-2014-0007 foreman-proxy: smart-proxy remote command injection

CVEs

• CVE-2014-0007

References

• https://access.redhat.com/security/updates/classification/#critical