Main Vulnerability Database SB2022062204

SB2022062204 - SUSE update for SUSE Manager Server 4.1

Published: June 22, 2022

Security Bulletin ID SB2022062204

Severity

High

Patch available

YES

Number of vulnerabilities 5

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2022-21698)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within method label cardinality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

2) Improper initialization (CVE-ID: CVE-2022-21724)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper initialization in pgjdbc driver when handling attacker-controlled URL in connection properties as the driver does not verify if the class implements the expected interface before instantiating the class. A remote attacker can pass specially crafted URL to the affected application and execute arbitrary code in the system.

3) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-21952)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the "/rhn/manager/frontend-log" script takes a text as a POST parameter and then it writes into the "/var/log/rhn/rhn_web_frontend.log" file. A remote non-authenticated attacker can send arbitrary amount of data to the application log and consume all available disk space, cause a denial of service condition.

4) Input validation error (CVE-ID: CVE-2022-26520)

The vulnerability allows a remote attacker to create arbitrary files on the system.

The vulnerability exists due to insufficient validation of user-supplied input when handling jdbc URL or its properties. A remote attacker can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties.

Successful exploitation of the vulnerability may allow an attacker to create and executable arbitraru JSP file under a Tomcat web root.

5) Information Exposure Through an Error Message (CVE-ID: CVE-2022-31248)

The vulnerability allows a remote attacker to enumerate email addresses of registered users.

The vulnerability exists due to the application in /rhn/help/ForgotCredentials.do exposes information about pretense of an email address of the registered user within the application. A remote non-authenticated attacker can enumerate email addresses of application users.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2022/suse-su-20222145-1/

Vulnerable Software

SUSE Linux Enterprise Module for SUSE Manager Server: 4.1
SUSE Manager Server: 4.1
uyuni-config-modules: before 4.1.36-150200.3.64.2
susemanager-web-libs: before 4.1.34-150200.3.47.6
susemanager-sls: before 4.1.36-150200.3.64.2
susemanager-schema: before 4.1.26-150200.3.45.4
susemanager-docs_en-pdf: before 4.1-150200.11.55.2
susemanager-docs_en: before 4.1-150200.11.55.2
susemanager-doc-indexes: before 4.1-150200.11.55.4
subscription-matcher: before 0.28-150200.3.15.2
spacewalk-utils-extras: before 4.1.20-150200.3.30.2
spacewalk-utils: before 4.1.20-150200.3.30.2
spacewalk-taskomatic: before 4.1.46-150200.3.71.5
spacewalk-setup: before 4.1.11-150200.3.18.2
spacewalk-java-postgresql: before 4.1.46-150200.3.71.5
spacewalk-java-lib: before 4.1.46-150200.3.71.5
spacewalk-java-config: before 4.1.46-150200.3.71.5
spacewalk-java: before 4.1.46-150200.3.71.5
spacewalk-html: before 4.1.34-150200.3.47.6
spacewalk-base-minimal-config: before 4.1.34-150200.3.47.6
spacewalk-base-minimal: before 4.1.34-150200.3.47.6
spacewalk-base: before 4.1.34-150200.3.47.6
spacewalk-backend-xmlrpc: before 4.1.31-150200.4.50.4
spacewalk-backend-xml-export-libs: before 4.1.31-150200.4.50.4
spacewalk-backend-tools: before 4.1.31-150200.4.50.4
spacewalk-backend-sql-postgresql: before 4.1.31-150200.4.50.4
spacewalk-backend-sql: before 4.1.31-150200.4.50.4
spacewalk-backend-server: before 4.1.31-150200.4.50.4
spacewalk-backend-package-push-server: before 4.1.31-150200.4.50.4
spacewalk-backend-iss-export: before 4.1.31-150200.4.50.4
spacewalk-backend-iss: before 4.1.31-150200.4.50.4
spacewalk-backend-config-files-tool: before 4.1.31-150200.4.50.4
spacewalk-backend-config-files-common: before 4.1.31-150200.4.50.4
spacewalk-backend-config-files: before 4.1.31-150200.4.50.4
spacewalk-backend-applet: before 4.1.31-150200.4.50.4
spacewalk-backend-app: before 4.1.31-150200.4.50.4
spacewalk-backend: before 4.1.31-150200.4.50.4
spacecmd: before 4.1.18-150200.4.39.3
py27-compat-salt: before 3000.3-150200.6.24.2
prometheus-formula: before 0.3.7-150200.3.21.2
prometheus-exporters-formula: before 0.9.5-150200.3.31.2
postgresql-jdbc: before 42.2.10-150200.3.8.2
susemanager-tools: before 4.1.36-150200.3.52.1
susemanager: before 4.1.36-150200.3.52.1
patterns-suma_server: before 4.1-150200.6.12.2
patterns-suma_retail: before 4.1-150200.6.12.2
golang-github-prometheus-node_exporter: before 1.3.0-150200.3.9.3
golang-github-lusitaniae-apache_exporter-debuginfo: before 0.7.0-150200.2.6.2
golang-github-lusitaniae-apache_exporter: before 0.7.0-150200.2.6.2
golang-github-QubitProducts-exporter_exporter: before 0.4.0-150200.6.12.2

SB2022062204 - SUSE update for SUSE Manager Server 4.1

Breakdown by Severity

Description

Remediation

References

Please verify you're human