ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2017-09-25T19:00:00
Updated: 2024-08-06T13:10:50.900Z
Reserved: 2014-10-10T00:00:00
Link: CVE-2014-8170
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-09-26T01:29:00.320
Modified: 2023-02-13T00:44:12.787
Link: CVE-2014-8170
Redhat