SUSE update for Security Beta update for SUSE Manager Client Tools

Published: 2022-02-02

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2021-39226 CVE-2021-43813
CWE-ID	CWE-284 CWE-22
Exploitation vector	Network
Public exploit	Vulnerability #1 is being exploited in the wild.
Vulnerable software	SUSE Manager Tools Operating systems & Components / Operating system zypp-plugin-spacewalk Operating systems & Components / Operating system package or component suseRegisterInfo Operating systems & Components / Operating system package or component spacewalk-remote-utils Operating systems & Components / Operating system package or component spacewalk-oscap Operating systems & Components / Operating system package or component spacewalk-koan Operating systems & Components / Operating system package or component spacewalk-client-tools Operating systems & Components / Operating system package or component spacewalk-client-setup Operating systems & Components / Operating system package or component spacewalk-check Operating systems & Components / Operating system package or component spacecmd Operating systems & Components / Operating system package or component python2-zypp-plugin-spacewalk Operating systems & Components / Operating system package or component python2-suseRegisterInfo Operating systems & Components / Operating system package or component python2-spacewalk-oscap Operating systems & Components / Operating system package or component python2-spacewalk-koan Operating systems & Components / Operating system package or component python2-spacewalk-client-tools Operating systems & Components / Operating system package or component python2-spacewalk-client-setup Operating systems & Components / Operating system package or component python2-spacewalk-check Operating systems & Components / Operating system package or component python2-rhnlib Operating systems & Components / Operating system package or component python2-mgr-virtualization-host Operating systems & Components / Operating system package or component python2-mgr-virtualization-common Operating systems & Components / Operating system package or component python2-mgr-push Operating systems & Components / Operating system package or component python2-mgr-osad Operating systems & Components / Operating system package or component python2-mgr-osa-common Operating systems & Components / Operating system package or component python2-mgr-cfg-management Operating systems & Components / Operating system package or component python2-mgr-cfg-client Operating systems & Components / Operating system package or component python2-mgr-cfg-actions Operating systems & Components / Operating system package or component python2-mgr-cfg Operating systems & Components / Operating system package or component python2-hwdata Operating systems & Components / Operating system package or component mgr-virtualization-host Operating systems & Components / Operating system package or component mgr-push Operating systems & Components / Operating system package or component mgr-osad Operating systems & Components / Operating system package or component mgr-custom-info Operating systems & Components / Operating system package or component mgr-cfg-management Operating systems & Components / Operating system package or component mgr-cfg-client Operating systems & Components / Operating system package or component mgr-cfg-actions Operating systems & Components / Operating system package or component mgr-cfg Operating systems & Components / Operating system package or component kiwi-desc-saltboot Operating systems & Components / Operating system package or component salt-minion Operating systems & Components / Operating system package or component salt-doc Operating systems & Components / Operating system package or component salt Operating systems & Components / Operating system package or component python3-salt Operating systems & Components / Operating system package or component python2-uyuni-common-libs Operating systems & Components / Operating system package or component python2-salt Operating systems & Components / Operating system package or component grafana Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU57320

Risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2021-39226

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions to database snapshots. Remote unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey.

Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss.

Mitigation

Update the affected package Security Beta update for SUSE Manager Client Tools to the latest version.

Vulnerable software versions

SUSE Manager Tools: 12 BETA

zypp-plugin-spacewalk: before 1.0.11-33.18.1

suseRegisterInfo: before 4.3.2-28.18.1

spacewalk-remote-utils: before 4.3.2-27.12.2

spacewalk-oscap: before 4.3.2-22.12.1

spacewalk-koan: before 4.3.2-27.12.1

spacewalk-client-tools: before 4.3.5-55.36.2

spacewalk-client-setup: before 4.3.5-55.36.2

spacewalk-check: before 4.3.5-55.36.2

spacecmd: before 4.3.5-41.30.1

python2-zypp-plugin-spacewalk: before 1.0.11-33.18.1

python2-suseRegisterInfo: before 4.3.2-28.18.1

python2-spacewalk-oscap: before 4.3.2-22.12.1

python2-spacewalk-koan: before 4.3.2-27.12.1

python2-spacewalk-client-tools: before 4.3.5-55.36.2

python2-spacewalk-client-setup: before 4.3.5-55.36.2

python2-spacewalk-check: before 4.3.5-55.36.2

python2-rhnlib: before 4.3.2-24.21.1

python2-mgr-virtualization-host: before 4.3.2-4.12.2

python2-mgr-virtualization-common: before 4.3.2-4.12.2

python2-mgr-push: before 4.3.2-4.12.2

python2-mgr-osad: before 4.3.3-4.21.2

python2-mgr-osa-common: before 4.3.3-4.21.2

python2-mgr-cfg-management: before 4.3.3-4.18.2

python2-mgr-cfg-client: before 4.3.3-4.18.2

python2-mgr-cfg-actions: before 4.3.3-4.18.2

python2-mgr-cfg: before 4.3.3-4.18.2

python2-hwdata: before 2.3.5-15.9.1

mgr-virtualization-host: before 4.3.2-4.12.2

mgr-push: before 4.3.2-4.12.2

mgr-osad: before 4.3.3-4.21.2

mgr-custom-info: before 4.3.3-4.12.1

mgr-cfg-management: before 4.3.3-4.18.2

mgr-cfg-client: before 4.3.3-4.18.2

mgr-cfg-actions: before 4.3.3-4.18.2

mgr-cfg: before 4.3.3-4.18.2

kiwi-desc-saltboot: before 0.1.1639488226.7c9eab9-4.12.1

salt-minion: before 3000-49.41.3

salt-doc: before 3000-49.41.3

salt: before 3000-49.41.3

python3-salt: before 3000-49.41.3

python2-uyuni-common-libs: before 4.3.2-3.24.1

python2-salt: before 3000-49.41.3

grafana: before 7.5.12-4.18.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2022/suse-su-20220310-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Path traversal

EUVDB-ID: #VU64273

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-43813

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No