Описание
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.
CloudForms Management Engine has a vulnerability that allows local users to execute arbitrary commands as root. An attacker with SSH access to the system can use the dRuby (DRb) module installed on the system to execute arbitrary shell commands using instance_eval().
Меры по смягчению последствий
Administrators of the CloudForms appliance can filter local packages going to the port where MIQ Server is listening, by using the following iptables command:
iptables -I OUTPUT 1 -o lo -d localhost/32 -p tcp -m tcp --dport -m owner '!' --uid-owner root -j DROP
Where the MIQ Server port can be found using netstat command:
netstat -nl --tcp -p | grep -i "miq server"
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.
7.8 High
CVSS3