SB2018022115 - Red Hat update for Satellite 6.3
Published: February 21, 2018 Updated: February 21, 2018
Description
This security bulletin contains information about 15 security vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2013-6459)
The vulnerability allows a remote attacker to perform XSS attacks.
The weakness exists due to an input validation error in the will_paginate gem before 3.0.5 for Ruby. A remote authenticated attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Security restrictions bypass (CVE-ID: CVE-2014-8183)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper enforcement of access controls on certain resources. A remote attacker can access resources in other organizations.
3) Buffer overflow (CVE-ID: CVE-2016-1669)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a buffer overflow in zone.cc. A remote attacker can send specially crafted JavaScript code, trigger the buffer overflow and cause the application to crash.
Successful exploitation of the vulnerability may result in system compromise.
4) Information disclosure (CVE-ID: CVE-2016-3693)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to a provisioning template containing `inspect` when initialized with a delegate object that is a Rails controller. A remote context-dependent attacker can use the inspect method and access sensitive information.
5) Information disclosure (CVE-ID: CVE-2016-3696)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The weakness exists in the pulp-qpid-ssl-cfg script because the private CA key is created in a directory that is world-readable for a small amount of time. A local attacker can gain access to the private key information in the file.
6) Information disclosure (CVE-ID: CVE-2016-3704)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to unsafe use of Bash's $RANDOM to generate an NSS DB password and seed, resulting in insufficient randomness. A remote attacker can potentially guess the seed used given enough time and compute resources.
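The hardened counterpart to the two patterns described in items 5 and 6, as an added example that is not code from pulp-qpid-ssl-cfg or any Red Hat script: the directory is private from the moment it exists, and the password comes from the kernel CSPRNG instead of `$RANDOM`. The function names and the `nss-db-password` file name are hypothetical.

```shell
#!/bin/sh
# Added example: not code from the affected scripts. All names are hypothetical.

# Pattern the bulletin describes (constructed illustration, kept as comments):
#   mkdir /some/dir          # default umask, typically mode 0755
#   PASS=$RANDOM             # bash $RANDOM: a 15-bit value, 0..32767
#   <generate CA key inside /some/dir>
#   chmod 700 /some/dir      # too late: the key was readable until this line

# 256 bits from the kernel CSPRNG, hex-encoded (64 characters).
gen_password() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Directory that is private from creation: mktemp -d makes it with mode 0700
# and an unpredictable name, so there is no readable window to race.
make_key_dir() {
    mktemp -d "${TMPDIR:-/tmp}/ca-keys.XXXXXX"
}

# Write stdin to $1 with mode 0600. The umask is set in a subshell before the
# file is created, so it is never group- or world-readable.
write_secret() {
    ( umask 077 && cat > "$1" )
}

# Symbolic mode of a path, e.g. drwx------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create the private directory, store a fresh password in it, print the path.
demo() {
    dir=$(make_key_dir) || return 1
    gen_password | write_secret "$dir/nss-db-password" || return 1
    printf '%s\n' "$dir"
}
```
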
7) Privilege escalation (CVE-ID: CVE-2016-4451)
The vulnerability allows a remote authenticated attacker to bypass security restrictions.
The weakness exists due to improper enforcement of access controls on certain resources. A remote attacker can bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.
8) Information disclosure (CVE-ID: CVE-2016-4995)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to improper restriction of access to preview provisioning templates. A remote attacker with permissions to preview host templates can access the template preview for any host if they are able to guess the host name, and access potentially sensitive information.
9) Information disclosure (CVE-ID: CVE-2016-4996)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The weakness exists in discovery-debug due to improper security restrictions. A local attacker with access to the system journal can obtain the root password by reading the system journal, or by clicking Logs on the console.
10) Cross-site scripting (CVE-ID: CVE-2016-6319)
The vulnerability allows a remote attacker to perform cross-site scripting attacks.
An input validation error exists in app/helpers/form_helper.rb, as used by Remote Execution and possibly other plugins, when processing the label parameter. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
11) Cross-site scripting (CVE-ID: CVE-2016-8639)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
12) Information disclosure (CVE-ID: CVE-2016-9593)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in foreman-debug's logging due to improper security restrictions. A local attacker with access to the foreman log file can view passwords that allow access to those systems.
13) Improper access control (CVE-ID: CVE-2016-9595)
The vulnerability allows a local attacker to launch a symlink attack on the target system.
The weakness exists in katello-debug due to insecure usage of temporary files by certain scripts and log files. A local attacker can create a symbolic link from a temporary file to various files on the system and bypass local access protections to overwrite the contents of arbitrary files.
14) Man-in-the-middle attack (CVE-ID: CVE-2017-2667)
The vulnerability allows an adjacent attacker to conduct a man-in-the-middle attack.
The weakness exists in the hammer_cli command line client because SSL/TLS certificate verification is disabled by default. An adjacent attacker can use man-in-the-middle techniques to spoof a valid certificate.
15) Information disclosure (CVE-ID: CVE-2017-2672)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists in foreman's logging due to improper security restrictions during the adding or registering of images. A remote attacker with access to the foreman log file can view passwords for provisioned systems in the log file that allow access to those systems.
Remediation
Install update from vendor's website.