NVD Vulnerability Detail

CVE-2014-8170

Summary	ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.
Publication Date	Sept. 26, 2017, 10:29 a.m.
Registration Date	Jan. 26, 2021, 3:20 p.m.
Last Update	Nov. 21, 2024, 11:18 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:ovirt:ovirt-node:3.0.0-474-gb852fd7:::::::*
execution environment
1	cpe:2.3:a:redhat:enterprise_virtualization:3.0:::::::*

Related information, measures and tools

No	URL	タグ
1	https://bugzilla.redhat.com/show_bug.cgi?id=1194745	Issue Tracking Third Party Advisory VDB Entry
2	https://bugzilla.redhat.com/show_bug.cgi?id=1194745	Issue Tracking Third Party Advisory VDB Entry
3	https://gerrit.ovirt.org/gitweb?p=ovirt-node.git%3Ba=blob%3Bf=src/ovirtnode/ovirtfunctions.py%3Bh=caef7ef019ca12b49aa3c030792538956fb4caad%3Bhb=e11e02cd9256c854dd0419515097637d6829b4f1#l1091
4	https://gerrit.ovirt.org/gitweb?p=ovirt-node.git%3Ba=blob%3Bf=src/ovirtnode/ovirtfunctions.py%3Bh=caef7ef019ca12b49aa3c030792538956fb4caad%3Bhb=e11e02cd9256c854dd0419515097637d6829b4f1#l1091

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-134	書式文字列の問題	https://cwe.mitre.org/data/definitions/134.html

JVN Vulnerability Information

Red Hat Enterprise Virtualization パッケージの ovirt-node における書式文字列に関する脆弱性

Title	Red Hat Enterprise Virtualization パッケージの ovirt-node における書式文字列に関する脆弱性
Summary	Red Hat Enterprise Virtualization パッケージの ovirt-node には、書式文字列に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 10, 2014, midnight
Registration Date	Oct. 24, 2017, 4:57 p.m.
Last Update	Oct. 24, 2017, 4:57 p.m.

Affected System

oVirt

ovirt-node

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-8170	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8170
National Vulnerability Database (NVD)
2	CVE-2014-8170	https://nvd.nist.gov/vuln/detail/CVE-2014-8170

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-134	https://jvndb.jvn.jp/ja/cwe/CWE-134.html

ベンダー情報

No	Name	URL
Gerrit Code Review
1	ovirtfunctions: Prevent recursion in safe_delete (#1091)	https://gerrit.ovirt.org/gitweb?p=ovirt-node.git;a=blob;f=src/ovirtnode/ovirtfunctions.py;h=caef7ef019ca12b49aa3c030792538956fb4caad;hb=e11e02cd9256c854dd0419515097637d6829b4f1#l1091
Red Hat Bugzilla
2	Bug 1194745	https://bugzilla.redhat.com/show_bug.cgi?id=1194745

Change Log

No	Changed Details	Date of change
0	[2017年10月23日] 掲載	Feb. 17, 2018, 10:37 a.m.