Bug 1253884 - (CVE-2015-5202) CVE-2015-5202 Satellite6: Single CA certificate abuse by content nodes to escalate privileges
CVE-2015-5202 Satellite6: Single CA certificate abuse by content nodes to esc...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 1252573
Blocks: 1252631
  Show dependency treegraph
Reported: 2015-08-14 20:49 EDT by Kurt Seifried
Modified: 2016-02-15 09:27 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way the Satellite 6 server broker and capsule broker handled certificate-based authentication from content hosts. An attacker with privileged access on a content host could authenticate to a server or capsule broker and execute arbitrary commands.
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Kurt Seifried 2015-08-14 20:49:00 EDT
Brian Bouterse of Red Hat reports:

Satellite 6 uses a single CA to generate sign all certs; that CA is trusted by 
the Qpid brokers on the server, capsule, dispatch router, httpd, etc. By design,
content hosts only should connect to httpd and the dispatch router. A user with
root access to a content host has access to these certs and could authenticate 
to the server broker or the capsule broker.
Comment 2 Kurt Seifried 2015-11-06 00:44:37 EST

This issue was discovered by Brian Bouterse of Red Hat.

Note You need to log in before you can comment on or make changes to this bug.