Multiple vulnerabilities in Red Hat Spacewalk
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-10136 CVE-2020-1693 |
| CWE-ID | CWE-347 CWE-611 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Spacewalk Client/Desktop applications / Other client software |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
Updated 18.02.2020
Added vulnerability #2
1) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU25420
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-10136
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass signature validation process.
The vulnerability exists due to the affected software does not safely compute client token checksums. A remote attacker with a valid, but expired, authenticated set of headers can move some digits around, artificially extending the session validity without modifying the checksum.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSpacewalk: 0.5 - 2.9
CPE2.3- cpe:2.3:a:red_hat:spacewalk:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:spacewalk:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:spacewalk:0.7:*:*:*:*:*:*:*
https://www.securityfocus.com/bid/109029
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) XML External Entity injection
EUVDB-ID: #VU25419
Risk: High
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-1693
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied XML input in the "/rpc/api" endpoint. A remote attacker can pass a specially crafted XML code to the affected application, retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSpacewalk: 0.5 - 2.9
CPE2.3- cpe:2.3:a:red_hat:spacewalk:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:spacewalk:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:spacewalk:0.7:*:*:*:*:*:*:*
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1693
https://github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
