
List:       oss-security
Subject:    [oss-security] CVE-2014-3712 Katello: user parameters passed to to_sym
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2014-10-22 16:55:33
Message-ID: 5447E185.2030303 () redhat ! com


Jan Rusnacko of Red Hat reports:

Katello code exposes potential to_sym Denial of Service attack vector
from user input parameters. The two places identified are:

https://github.com/Katello/katello/blob/9231e24f93fa804e557fc95637cfa2c5bb92f6a7/app/controllers/katello/content_search_controller.rb#L617


https://github.com/Katello/katello/blob/9231e24f93fa804e557fc95637cfa2c5bb92f6a7/app/controllers/katello/api/api_controller.rb#L87


This type of attack is documented here -
http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/RubySymbols.html


This has been confirmed in testing by Eric Helms of Red Hat.

cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:N/A:P

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
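The following is an added illustration of the vector the report describes, written for this page; it is not Katello code and does not reproduce the two controller sites linked above. The parameter name "sort_by", the allow-list and the handler names are assumptions chosen for the demonstration. It shows the vulnerable pattern (client input passed straight to to_sym) next to a hardened one that only ever returns symbols that already exist, plus a small instrument that counts how many symbols each handler interns for a run of distinct, constructed attacker-supplied values.

```ruby
# Added example for the to_sym exhaustion vector described in the advisory.
# Illustrative code written for this page, not Katello's own; the parameter
# name "sort_by", the allow-list and the handler names are assumptions.

# Symbols this handler is willing to work with.
ALLOWED_SORT_FIELDS = %i[name created_at updated_at].freeze

# Vulnerable pattern: whatever the client sends is interned as a symbol.
# On Ruby < 2.2 symbols are never garbage collected, so every distinct value
# an attacker sends stays in the symbol table for the life of the process;
# enough requests with fresh values exhaust memory.
def sort_field_unsafe(params)
  params.fetch("sort_by", "name").to_sym
end

# Hardened pattern: compare the raw string against the allow-list first and
# return only a symbol that already exists. Unknown input is rejected without
# ever being interned, so client input cannot grow the symbol table.
def sort_field_safe(params)
  value = params.fetch("sort_by", "name").to_s
  ALLOWED_SORT_FIELDS.find { |sym| sym.to_s == value } ||
    raise(ArgumentError, "unknown sort field: #{value[0, 32].inspect}")
end

# Counts how many new symbols the given handler interns while processing
# +count+ distinct, constructed attacker-supplied values. Symbol.all_symbols
# is only an instrument here: on Ruby >= 2.2 dynamically created symbols can
# be collected again, so the unsafe count is what is live at the moment of
# measurement, while the safe handler should add nothing at all.
def symbols_interned_by(count)
  before = Symbol.all_symbols.size
  count.times do |i|
    begin
      yield("sort_by" => "attacker_controlled_#{i}")
    rescue ArgumentError
      nil # the safe handler rejects junk; that is the point
    end
  end
  Symbol.all_symbols.size - before
end

if $PROGRAM_NAME == __FILE__
  unsafe = symbols_interned_by(10_000) { |p| sort_field_unsafe(p) }
  safe   = symbols_interned_by(10_000) { |p| sort_field_safe(p) }
  puts "unsafe handler interned #{unsafe} new symbols"
  puts "safe handler interned   #{safe} new symbols"
end
```

The fix is the comparison order: match the client string against known symbols and convert only on a hit, rather than converting and then checking membership. Checking Symbol.all_symbols.include? before calling to_sym is a weaker alternative, since it still lets a client probe which symbols exist and relies on the full symbol table rather than the handful of values the endpoint actually accepts.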

