Bug #4026: native_ms/dnscmd providers should use shell escaping when running commands - Smart Proxy - Foreman

Actions

Copy link

Bug #4026

closed

native_ms/dnscmd providers should use shell escaping when running commands

Added by Dominic Cleal over 10 years ago. Updated over 2 years ago.

Status:

Closed

Priority:

High

Assignee:

Anna Vítová

Category:

Security

Target version:

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/smart-proxy/pull/796

Fixed in Releases:

Foreman - 3.1.0

Found in Releases:

Red Hat JIRA:

Description

The two Windows providers (native_ms/dnscmd) should escape incoming data which is currently passed straight to the cmd.exe shell.

Assigning Sam as he's already looked a bit at this.

More discussion: https://github.com/theforeman/smart-proxy/pull/127/files#r8814677

Related issues 2 (1 open — 1 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Smart Proxy

Custom queries

Bug #4026

native_ms/dnscmd providers should use shell escaping when running commands

Updated by Dominic Cleal over 10 years ago

Updated by Dominic Cleal over 10 years ago

Updated by Stephen Benjamin about 10 years ago

Updated by Anonymous about 7 years ago

Updated by Anonymous about 7 years ago

Updated by The Foreman Bot almost 3 years ago

Updated by Anna Vítová almost 3 years ago

Updated by The Foreman Bot over 2 years ago

Updated by Anonymous over 2 years ago