Bug 1593631 (CVE-2018-10865)

Summary: CVE-2018-10865 redhat-certification: "restart" a node without authorization
Product: [Other] Security Response
Reporter: Riccardo Schirone <rschiron>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: brose, gnichols, rschiron
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
It has been discovered that redhat-certification does not perform an authorization check and allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system. An attacker could use this flaw to send requests to port 8009 of any host or to keep restarting the RHCertD daemon on a host of another customer.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-10-25 09:45:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1608910
Bug Blocks: 1593614

Description Riccardo Schirone 2018-06-21 09:24:28 UTC
It has been discovered that the /configuration view of redhat-certification does
not perform an authorization check and it allows an unauthenticated user to call
a "restart" RPC method on any host accessible by the system, even if not
belonging to him.

Comment 1 Riccardo Schirone 2018-06-21 09:24:37 UTC
Acknowledgments:

Name: Riccardo Schirone (Red Hat Product Security)