Bug 1629003

Summary: CVE-2018-14643 rubygem-smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature [rhn_satellite_6.3]
Product: Red Hat Satellite
Reporter: Mike McCune <mmccune>
Component: Security
Assignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED ERRATA
QA Contact: Katello QA List <katello-qa-list>
Severity: urgent
Docs Contact:
Priority: urgent
Version: 6.3.2
CC: aruzicka, bbuckingham, bkearney, cbuissar, cwelton, egolov, ehelms, inecas, jcallaha, jspinks, lisas, lzap, mhulan, pcreech, rcosta, rjerrido, security-response-team, tbrisker
Target Milestone: Unspecified
Keywords: Security, SecurityTracking, Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: rubygem-smart_proxy_dynflow-0.1.10.2-1
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Clones: 1630974
Environment:
Last Closed: 2018-09-20 17:21:06 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1629063, 1630974

Comment 7 jcallaha 2018-09-19 16:16:30 UTC
Verified.

I tested this against 6.3.3 and was able to run arbitrary commands against the target host.

After installing the patch, further attempts were met with this error: 
"No client SSL certificate supplied".

Comment 8 Richard Maciel Costa 2018-09-20 14:17:35 UTC
*** Bug 1630489 has been marked as a duplicate of this bug. ***

Comment 10 errata-xmlrpc 2018-09-20 17:21:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2733

Comment 11 Ivan Necas 2018-09-20 19:03:12 UTC
Created redmine issue https://projects.theforeman.org/issues/25001 from this bug