Bug 607712 (CVE-2010-2236) - CVE-2010-2236 RHN Satellite / Proxy: Improper monitoring probes input sanitization (ACE)
Summary: CVE-2010-2236 RHN Satellite / Proxy: Improper monitoring probes input sanitiz...
Alias: CVE-2010-2236
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=moderate,public=20140210,repor...
Depends On: 1022697 1022698
Blocks: 730933
TreeView+ depends on / blocked
Reported: 2010-06-24 15:55 UTC by Jan Lieskovsky
Modified: 2019-06-08 13:02 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-03-04 05:59:25 UTC

Attachments (Terms of Use)
Sanitize backticks in probes (7.97 KB, patch)
2013-11-05 19:44 UTC, Grant Gainey
no flags Details | Diff

Description Jan Lieskovsky 2010-06-24 15:55:37 UTC
An improper input sanitization flaw was found in the way Red Hat Network
Satellite performed management of monitoring probes. A remote, authenticated
attacker, with the privilege to administer monitoring probes, could execute
arbitrary code with the privileges of the user, the Red Hat Network Satellite
monitoring service is running under, by providing a specially-crafted values 
for certain options of the monitoring probe display.

  For further information about Red Hat Network Satellite monitoring
entitlements and management of monitoring probes, please refer to the
reference guide of your Red Hat Network Satellite installation.

Comment 8 Jan Lieskovsky 2010-06-24 16:57:12 UTC
This issue affects the following versions: 

  v4.0.0, v4.1.0, v4.2.0, v5.0.0, v5.1.0, v5.2.0, v5.3.0

of Red Hat Network Satellite.

This issue affects the v5.3.0 version of Red Hat Network Proxy.

Comment 9 Vincent Danen 2010-06-24 17:13:56 UTC
This issue has been assigned CVE-2010-2236.

Comment 22 Grant Gainey 2013-11-05 19:44:12 UTC
Created attachment 819987 [details]
Sanitize backticks in probes

This patch sanitizes probes by removing backticks.

Comment 26 Kurt Seifried 2014-03-04 05:59:25 UTC

The Red Hat Security Response Team has rated this issue as having Moderate security impact. Satellite 5 is currently in the Production 2 phase of its lifecycle, as such this issue is not currently planned to be addressed in future updates. For additional information, refer to the Satellite Life Cycle: https://access.redhat.com/site/support/policy/updates/satellite page.

Note You need to log in before you can comment on or make changes to this bug.