Bug #14974: Arbitrary command execution in rudder relay API due to missing parameter sanitization

Added by Alexis Mousset over 6 years ago. Updated about 2 years ago.

Status: Released
Priority: N/A
Category: Security
Target version: (not set)
Severity: (not set)
UX impact: (not set)
User visibility: (not set)
Effort required: (not set)
Priority: 0
Name check: Reviewed
Fix check: Checked
Regression: (not set)

Description

There is no validation of the "classes" parameter, which allows passing arbitrary arguments to the executed command, allowing access to a local root account through CFEngine (for example via the -f parameter with a local policy file in /tmp).

It requires:

  • having local access to the root server to get root access locally, or
  • using the root IP to get root access to relays
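The defect described above is an argument-injection bug: a request parameter is spliced into the agent command line without checking that it is actually a list of class names. The following is an added illustration, not Rudder's own relay code or its fix; the binary name "cf-agent", the hypothetical function names and the allowlist regex are assumptions. It contrasts a naive command-string build with a validating one that only accepts CFEngine-style identifiers, passes them with the agent's `-D` (define class) option as a separate argv element, and handles the empty "classes" case (the edge case subtask #14977 refers to) by simply omitting `-D`.

```python
import re
import shlex

# Assumption: a class name is an identifier of letters, digits and underscores.
CLASS_NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")

# Assumed agent binary name; a real deployment would use its full path.
AGENT = "cf-agent"


def build_agent_argv_unsafe(raw_classes: str) -> list:
    """Naive build: the parameter is interpolated into a command string.

    Anything in the parameter is split into extra agent arguments, so a
    value carrying "-f <file>" (the case the ticket describes) reaches the
    agent as its own option. Shown only to make the defect visible.
    """
    return shlex.split(f"{AGENT} -D {raw_classes}")


def parse_classes(raw_classes) -> list:
    """Validate a comma-separated 'classes' parameter.

    Returns the list of class names, or raises ValueError on any item that
    is not a plain identifier. An empty or missing value yields [].
    """
    if not raw_classes:
        return []
    classes = []
    for item in raw_classes.split(","):
        item = item.strip()
        if not CLASS_NAME_RE.fullmatch(item):
            # Rejects options ("-f"), paths, whitespace, quotes, etc.
            raise ValueError(f"invalid class name: {item!r}")
        classes.append(item)
    return classes


def is_valid_classes(raw_classes) -> bool:
    """Boolean convenience wrapper around parse_classes."""
    try:
        parse_classes(raw_classes)
        return True
    except ValueError:
        return False


def build_agent_argv(raw_classes) -> list:
    """Hardened build: argv list, never a shell string.

    Classes are joined into a single '-D' argument, and '-D' is omitted
    entirely when no classes were given, so the empty case keeps working.
    """
    classes = parse_classes(raw_classes)
    argv = [AGENT]
    if classes:
        argv += ["-D", ",".join(classes)]
    return argv


if __name__ == "__main__":
    # Constructed sample inputs.
    print(build_agent_argv("web_server,db"))
    print(build_agent_argv(""))
    print(is_valid_classes("web_server -f /tmp/policy.cf"))
```

The argv list would be handed to `subprocess.run` without `shell=True`; the validation is what prevents a single parameter value from turning into several agent options, and the list form prevents shell metacharacters from being interpreted at all.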

Subtasks (2: 0 open, 2 closed)

Bug #14976: Remove code execution in rudder relay API - 5.1 version (Released, Alexis Mousset)
Bug #14977: Parent ticket breaks empty classes case (Rejected)

#1 Updated by Alexis Mousset over 6 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset

#2 Updated by Alexis Mousset over 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1944

#3 Updated by Rudder Quality Assistant over 6 years ago

  • Assignee changed from Benoît PECCATTE to Alexis Mousset

#4 Updated by Alexis Mousset over 6 years ago

  • Assignee changed from Alexis Mousset to Benoît PECCATTE

#5 Updated by Alexis Mousset over 6 years ago

  • Status changed from Pending technical review to Pending release

#6 Updated by Vincent MEMBRÉ over 6 years ago

  • Name check set to To do

#7 Updated by Vincent MEMBRÉ over 6 years ago

  • Fix check set to To do

#8 Updated by Alexis Mousset over 6 years ago

  • Subject changed from Remove code execution in rudder relay API to Remote code execution in rudder relay API due to missing parameter sanitization

#9 Updated by Alexis Mousset over 6 years ago

  • Subject changed from Remote code execution in rudder relay API due to missing parameter sanitization to Code execution in rudder relay API due to missing parameter sanitization

#10 Updated by Alexis Mousset over 6 years ago

  • Subject changed from Code execution in rudder relay API due to missing parameter sanitization to Arbitrary command execution in rudder relay API due to missing parameter sanitization

#11 Updated by Vincent MEMBRÉ over 6 years ago

  • Fix check changed from To do to Error - Fixed

#12 Updated by Vincent MEMBRÉ over 6 years ago

  • Fix check changed from Error - Fixed to To do

#13 Updated by Alexis Mousset over 6 years ago

  • Name check changed from To do to Reviewed

#14 Updated by Benoît PECCATTE over 6 years ago

  • Fix check changed from To do to Checked

#15 Updated by Vincent MEMBRÉ over 6 years ago

This bug has been fixed in Rudder 4.1.24 and 5.0.12 which were released today.

#16 Updated by Vincent MEMBRÉ about 5 years ago

  • Status changed from Pending release to Released

#17 Updated by Alexis Mousset about 2 years ago

  • Private changed from Yes to No