Commit Graph

1 Commits (b3db41e6d8d8fe0b2d559a35ab2a4557b26c56a8)

Author SHA1 Message Date
Abhijeet Kasurde 7d2ae7e322 solaris_zone: Allow only valid characters in zone name (#65686)
CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that.
However, there is no user input validation done while performing actions.
A malicious user could provide a crafted zone name which allows executing commands
into the server manipulating the module behaviour.

Adding user input validation as per Solaris Zone documentation fixes this issue.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
5 years ago