Published: 07/07/2014 Updated: 13/02/2023

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Subscribe to Cloudforms 3.0 Management Engine

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) prior to 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat cloudforms 3.0 management engine 5.2.1
redhat cloudforms 3.0 management engine
redhat cloudforms 3.0 management engine 5.2.1.6
redhat cloudforms 3.0 management engine 5.2.3.2
redhat cloudforms 3.0 management engine 5.2.2
redhat cloudforms 3.0 management engine 5.2
redhat cloudforms 3.0 management engine 5.2.3

The (1) shell_exec function in lib/util/MiqSshUtilV1rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2rb in Red Hat CloudForms 30 Management Engine (CFME) before 5242 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name ...

CWE-59 https://bugzilla.redhat.com/show_bug.cgi?id=1107528 http://rhn.redhat.com/errata/RHSA-2014-0816.html http://www.securityfocus.com/bid/68300 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-3486

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3486

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect