Release date:
Updated on:
Affected Systems:
Red Hat OpenShift Origin
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57189
CVE (CAN) ID: CVE-2012-5646
Red Hat OpenShift Origin is a cloud computing platform and service.
A vulnerability exists in the management interface of the Red Hat OpenShift Origin storage application (restorer.php). Remote attackers can send specially crafted requests to restorer.php, causing the query string to be parsed as command-line options and arguments, resulting in arbitrary code execution.
<* Source: Michael Scherer
Link: https://www.redhat.com/support/errata/RHSA-2013-0148.html
*>
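Added example (not part of the advisory or of Red Hat's code): a log check for the behaviour described above, flagging requests to restorer.php whose query string would yield option-like command-line tokens. It assumes '+'-separated, percent-decoded tokens as in the RFC 3875 section 4.4 search-string rule; the log lines and the /example/ path are constructed.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log: "METHOD /path?query HTTP/x.y"
REQUEST_RE = re.compile(
    r'"(?:GET|POST|HEAD) (?P<path>[^ ?"]+)(?:\?(?P<query>[^ "]*))? HTTP/[\d.]+"'
)
TARGET = "restorer.php"  # script named in the advisory


def argv_tokens(query):
    """Split a raw query string the way a command line would receive it.

    Assumption: '+' separates arguments and each one is percent-decoded,
    as in the RFC 3875 section 4.4 search-string rule.
    """
    return [unquote(tok) for tok in query.split("+") if tok]


def option_like(query):
    """Return the tokens a getopt-style parser would treat as options."""
    return [t for t in argv_tokens(query) if t.startswith("-") and len(t) > 1]


def scan(lines):
    """Yield (line_number, tokens) for TARGET requests with option-like tokens."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or not m.group("path").endswith("/" + TARGET):
            continue
        hits = option_like(m.group("query") or "")
        if hits:
            yield n, hits


# Constructed sample log lines (documentation address ranges, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /example/restorer.php?app=demo HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Jan/2013:10:00:05 +0000] "GET /example/restorer.php?-x+value HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2013:10:00:09 +0000] "GET /example/restorer.php?%2D%2Dlong+arg HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2013:10:00:11 +0000] "GET /index.php?-x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for lineno, tokens in scan(SAMPLE_LOG):
        print(f"line {lineno}: option-like tokens {tokens}")
```

The check is a heuristic: a legitimate parameter value containing "+-" would also be flagged, so hits need review against the application's expected parameters.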
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Red Hat
-------
Red Hat has released a security advisory (RHSA-2013:0148-01) and a patch for this issue:
RHSA-2013:0148-01: Moderate: openshift-origin-node-util security update
Link: https://www.redhat.com/support/errata/RHSA-2013-0148.html
Patch download:
Red Hat OpenShift Enterprise Node:
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-node-util-1.0.5-3.el6op.src.rpm
Noarch:
openshift-origin-node-util-1.0.5-3.el6op.noarch.rpm