CVE-2014-0007 Information

Description

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.

Reference

http://projects.theforeman.org/issues/6086 http://rhn.redhat.com/errata/RHSA-2014-0770.html