Multiple vulnerabilities in Red Hat Spacewalk



| Updated: 2020-02-18
Risk High
Patch available NO
Number of vulnerabilities 2
CVE-ID CVE-2019-10136
CVE-2020-1693
CWE-ID CWE-347
CWE-611
Exploitation vector Network
Public exploit N/A
Vulnerable software
Spacewalk
Client/Desktop applications / Other client software

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

Updated 18.02.2020

Added vulnerability #2

1) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU25420

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-10136

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass signature validation process.

The vulnerability exists due to the affected software does not safely compute client token checksums. A remote attacker with a valid, but expired, authenticated set of headers can move some digits around, artificially extending the session validity without modifying the checksum.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Spacewalk: 0.5 - 2.9

CPE2.3 External links

https://www.securityfocus.com/bid/109029
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) XML External Entity injection

EUVDB-ID: #VU25419

Risk: High

CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-1693

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied XML input in the "/rpc/api" endpoint. A remote attacker can pass a specially crafted XML code to the affected application, retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Spacewalk: 0.5 - 2.9

CPE2.3 External links

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1693
https://github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###