Bug 1253884 (CVE-2015-5202) - CVE-2015-5202 Satellite6: Single CA certificate abuse by content nodes to escalate privileges
Summary: CVE-2015-5202 Satellite6: Single CA certificate abuse by content nodes to esc...
Status: NEW
Alias: CVE-2015-5202
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1252573
Blocks: 1252631
TreeView+ depends on / blocked
Reported: 2015-08-15 00:49 UTC by Kurt Seifried
Modified: 2019-09-29 13:36 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way the Satellite 6 server broker and capsule broker handled certificate-based authentication from content hosts. An attacker with privileged access on a content host could authenticate to a server or capsule broker and execute arbitrary commands.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Kurt Seifried 2015-08-15 00:49:00 UTC
Brian Bouterse of Red Hat reports:

Satellite 6 uses a single CA to generate sign all certs; that CA is trusted by 
the Qpid brokers on the server, capsule, dispatch router, httpd, etc. By design,
content hosts only should connect to httpd and the dispatch router. A user with
root access to a content host has access to these certs and could authenticate 
to the server broker or the capsule broker.

Comment 2 Kurt Seifried 2015-11-06 05:44:37 UTC

This issue was discovered by Brian Bouterse of Red Hat.

Note You need to log in before you can comment on or make changes to this bug.