Bug 1208602 (CVE-2015-1816)

Summary: CVE-2015-1816 foreman: lack of SSL certificate validation when performing LDAPS authentication
Product: [Other] Security Response
Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: abaron, aortega, apevec, ayoung, bkearney, chrisw, cpelland, cperry, dallan, gkotton, gmollett, jrusnack, katello-bugs, lhh, lpeer, markmc, mburns, mmccune, ohadlevy, rbryant, rhos-maint, sclewis, tjay, yeylon
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: foreman 1.7.4
Doc Type: Bug Fix
Doc Text:
It was found that when making an SSL connection to an LDAP authentication source in Foreman, the remote server certificate was accepted without any verification against known certificate authorities, potentially making TLS connections vulnerable to man-in-the-middle attacks.
Last Closed: 2016-02-22 02:20:26 UTC
Bug Depends On: 1194393
Bug Blocks: 1145400, 1208603, 1253077
Attachments:
  CVE-2015-1816 patch (Flags: none)
  CVE-2015-1816 monkey patch for older versions (Flags: none)

Description Vasyl Kaigorodov 2015-04-02 16:09:55 UTC
It was reported that when making an SSL connection to an LDAP authentication source in Foreman, the remote server certificate is accepted without any verification against known certificate authorities.

This can allow the LDAP connection between Foreman and the LDAP server to be attacked, and a different LDAP server could be contacted to authenticate users to Foreman.

Initial report: https://bugzilla.redhat.com/show_bug.cgi?id=1194393
Upstream bug: http://projects.theforeman.org/issues/9858
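The failure mode described in this report, shown as an added Ruby example; this is not Foreman's code and not the attached patch. It stands up a throwaway loopback TLS listener with a self-signed certificate (a constructed stand-in for an LDAPS server whose issuer the client has never seen) and then opens a client-side handshake against it under different verification settings, the way an LDAPS client does before sending any bind credentials. A bare OpenSSL::SSL::SSLContext performs no verification unless verify_mode is set, so the first scenario reproduces the reported behaviour (any certificate is accepted); the remaining scenarios show the hardened client refusing an unknown issuer and a hostname mismatch while still accepting a server whose CA is in its trust store. The server name ldap.example.test and all certificates are constructed for the example.

```ruby
require 'openssl'
require 'socket'

SERVER_NAME = 'ldap.example.test' # constructed name for the stand-in LDAPS server

# Build a throwaway self-signed certificate for the stand-in LDAPS server.
# Its issuer is in no client trust store; a client that skips verification
# cannot tell it apart from the genuine directory server.
def make_self_signed_cert(cn)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{cn}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Serve exactly one TLS handshake on a loopback port and hand the port to the block.
def with_tls_server(cert, key)
  tcp  = TCPServer.new('127.0.0.1', 0)
  port = tcp.addr[1]
  ctx  = OpenSSL::SSL::SSLContext.new
  ctx.cert = cert
  ctx.key  = key
  server = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  thread = Thread.new do
    begin
      conn = server.accept # raises when the client aborts the handshake
      conn.close
    rescue OpenSSL::SSL::SSLError, SystemCallError, IOError
      nil # expected whenever the client rejects the certificate
    end
  end
  yield port
ensure
  thread&.join(5)
  tcp&.close
end

# Client side of an LDAPS session: returns :accepted if the TLS handshake
# completes and :rejected if the client refuses the server certificate.
def ldaps_handshake(port, verify_mode:, ca_store: nil, hostname: SERVER_NAME, check_hostname: false)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode     = verify_mode   # a fresh context defaults to no verification
  ctx.cert_store      = ca_store if ca_store
  ctx.verify_hostname = check_hostname
  sock = TCPSocket.new('127.0.0.1', port)
  ssl  = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  ssl.hostname = hostname # the name the client believes it is connecting to
  ssl.connect
  ssl.close
  :accepted
rescue OpenSSL::SSL::SSLError
  :rejected
ensure
  sock.close if sock && !sock.closed?
end

# Run the four scenarios against the stand-in server and report each outcome.
def ldaps_verification_outcomes
  cert, key = make_self_signed_cert(SERVER_NAME)
  trusted = OpenSSL::X509::Store.new.tap { |s| s.add_cert(cert) }
  empty   = OpenSSL::X509::Store.new # a trust store that lacks this issuer
  run = ->(**opts) { with_tls_server(cert, key) { |port| ldaps_handshake(port, **opts) } }
  {
    # Reported behaviour: any certificate from anyone is accepted.
    no_verification:   run.call(verify_mode: OpenSSL::SSL::VERIFY_NONE),
    # Hardened client: an unknown issuer is refused before credentials are sent.
    unknown_issuer:    run.call(verify_mode: OpenSSL::SSL::VERIFY_PEER, ca_store: empty, check_hostname: true),
    trusted_issuer:    run.call(verify_mode: OpenSSL::SSL::VERIFY_PEER, ca_store: trusted, check_hostname: true),
    hostname_mismatch: run.call(verify_mode: OpenSSL::SSL::VERIFY_PEER, ca_store: trusted, check_hostname: true,
                                hostname: 'other.example.test'),
  }
end

if __FILE__ == $PROGRAM_NAME
  ldaps_verification_outcomes.each { |scenario, result| puts "#{scenario}: #{result}" }
end
```

The point of the trusted_issuer scenario is that verification is not an all-or-nothing trade-off: once the organisation's CA (here the constructed self-signed certificate) is in the store, the hardened client still connects, and only an impostor or a misdirected connection is refused.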

Comment 1 Ján Rusnačko 2015-04-03 09:11:31 UTC
Created attachment 1010546 [details]
CVE-2015-1816 patch

Comment 2 Ján Rusnačko 2015-04-03 09:12:06 UTC
Created attachment 1010547 [details]
CVE-2015-1816 monkey patch for older versions

Comment 3 Ján Rusnačko 2015-04-03 09:16:59 UTC
Pull request:

https://github.com/theforeman/foreman/pull/2265

Comment 5 errata-xmlrpc 2015-08-12 04:52:05 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.1

Via RHSA-2015:1591 https://access.redhat.com/errata/RHSA-2015:1591

Comment 6 errata-xmlrpc 2015-08-12 05:30:53 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.1

Via RHSA-2015:1592 https://access.redhat.com/errata/RHSA-2015:1592