Bug 1253884 (CVE-2015-5202) - CVE-2015-5202 Satellite6: Single CA certificate abuse by content nodes to escalate privileges
Status: NEW
Alias: CVE-2015-5202
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Whiteboard: impact=moderate,public=20150818,repor...
Keywords: Security
Depends On: 1252573
Blocks: 1252631
Reported: 2015-08-15 00:49 UTC by Kurt Seifried
Modified: 2019-06-08 20:42 UTC (History)

A flaw was found in the way the Satellite 6 server broker and capsule broker handled certificate-based authentication from content hosts. An attacker with privileged access on a content host could authenticate to a server or capsule broker and execute arbitrary commands.



Description Kurt Seifried 2015-08-15 00:49:00 UTC
Brian Bouterse of Red Hat reports:

Satellite 6 uses a single CA to generate and sign all certs; that CA is trusted by
the Qpid brokers on the server, capsule, dispatch router, httpd, etc. By design,
content hosts only should connect to httpd and the dispatch router. A user with
root access to a content host has access to these certs and could authenticate 
to the server broker or the capsule broker.
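
The trust problem described in this report, modelled as an added example (not part of the original report and not Satellite or Qpid code): when every listener accepts any certificate issued by the one shared CA, a content host's certificate passes at the brokers too, whereas a per-listener identity allowlist restricts it to httpd and the dispatch router. All host names and the allowlist are constructed, and the issuer comparison stands in for the chain validation a TLS stack performs.

```python
"""Client-certificate authorization when every service trusts one CA."""

CA_CN = "satellite-ca.example.com"  # constructed name for the single shared CA

# Hypothetical allowlists: client CNs each listener should accept.
# None = any certificate issued by the CA (content hosts connect here by design).
ALLOWED = {
    "httpd": None,
    "dispatch-router": None,
    "server-broker": {"server-services.example.com"},
    "capsule-broker": {"capsule-services.example.com"},
}

def _cn(name):
    """Return commonName from an ssl.getpeercert()-style RDN tuple, or None."""
    for rdn in name:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def chain_only(cert):
    """Stand-in for chain validation: accept anything the shared CA issued."""
    return _cn(cert.get("issuer", ())) == CA_CN

def chain_and_identity(service, cert):
    """Chain check plus per-listener allowlist; unknown services are denied."""
    if service not in ALLOWED or not chain_only(cert):
        return False
    allowed = ALLOWED[service]
    return allowed is None or _cn(cert.get("subject", ())) in allowed

def make_cert(subject_cn, issuer_cn=CA_CN):
    """Build a constructed certificate dict in ssl.getpeercert() layout."""
    return {"subject": ((("commonName", subject_cn),),),
            "issuer": ((("commonName", issuer_cn),),)}

CONTENT_HOST = make_cert("content-host-01.example.com")  # constructed sample
SERVER_SVC = make_cert("server-services.example.com")    # constructed sample

def audit(cert):
    """Map each listener to (chain-only decision, chain+identity decision)."""
    return {svc: (chain_only(cert), chain_and_identity(svc, cert))
            for svc in ALLOWED}

if __name__ == "__main__":
    for svc, (before, after) in audit(CONTENT_HOST).items():
        print(f"{svc:16} chain-only={before!s:5} with-allowlist={after}")
```
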

Comment 2 Kurt Seifried 2015-11-06 05:44:37 UTC
Acknowledgement:

This issue was discovered by Brian Bouterse of Red Hat.

