Commit Graph

1 Commits (f18f480a3c3f6c2cce67d7a7e11e425c3794bc50)

Author SHA1 Message Date
Abhijeet Kasurde 7d2ae7e322 solaris_zone: Allow only valid characters in zone name (#65686)
CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that.
However, there is no user input validation done while performing actions.
A malicious user could provide a crafted zone name which allows executing commands
into the server manipulating the module behaviour.

Adding user input validation as per Solaris Zone documentation fixes this issue.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
5 years ago