The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) prior to 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat cloudforms 3.0 management engine 5.2.1 |
||
redhat cloudforms 3.0 management engine |
||
redhat cloudforms 3.0 management engine 5.2.1.6 |
||
redhat cloudforms 3.0 management engine 5.2.3.2 |
||
redhat cloudforms 3.0 management engine 5.2.2 |
||
redhat cloudforms 3.0 management engine 5.2 |
||
redhat cloudforms 3.0 management engine 5.2.3 |