PT-2017-6156 · Red Hat · Ovirt Node+1

Published: 2017-09-25 · Updated: 2023-02-13 · CVE-2014-8170

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ovirt-node version 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3

Description

The ovirt_safe_delete_config function in ovirtfunctions.py, and other unspecified locations, do not properly quote input strings. This allows remote authenticated users and physically proximate attackers to execute arbitrary commands by including a semicolon (;) in an input string.

Recommendations

For ovirt-node version 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3, consider disabling the ovirt_safe_delete_config function until a patch is available, to prevent the execution of arbitrary commands. Restrict access to the ovirtfunctions.py module to minimize the risk of exploitation. Avoid using input strings that contain semicolons (;) in the affected API endpoints until the issue is resolved.
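
The quoting failure in the description, shown as an added Python example (not ovirt-node code): it builds the same command with and without quoting and tokenizes each string the way a POSIX shell would, to show where the semicolon starts a second command. The function names, the rm -f command and the sample path are assumptions made for illustration.

```python
import shlex

# Constructed input: a file name carrying a shell command separator.
HOSTILE = "/etc/hosts; echo injected"


def cmd_unquoted(path):
    # Pattern the advisory describes: input pasted into a shell string as-is.
    return "rm -f %s" % path


def cmd_quoted(path):
    # shlex.quote() wraps the value so the shell sees one literal word;
    # "--" stops rm from reading a leading "-" in the value as an option.
    return "rm -f -- %s" % shlex.quote(path)


def argv_no_shell(path):
    # Preferred form: an argument vector for subprocess.run(argv), no shell.
    return ["rm", "-f", "--", path]


def split_commands(cmdline):
    """Split a command line into simple commands at unquoted shell
    operators (; & | and friends). Returns a list of argv lists."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        # Illustration-level check: a *quoted* word made only of operator
        # characters would be miscounted as a separator here.
        if all(c in lexer.punctuation_chars for c in token):
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return [c for c in commands if c]


if __name__ == "__main__":
    for label, line in (("unquoted", cmd_unquoted(HOSTILE)),
                        ("quoted", cmd_quoted(HOSTILE))):
        print(label, "->", split_commands(line))
    print("argv   ->", argv_no_shell(HOSTILE))
```
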

Weakness Enumeration

Use of Externally-Controlled Format String

Related Identifiers

CVE-2014-8170

Affected Products

Red Hat Enterprise Virtualization
Ovirt Node