Red Hat Bugzilla – Bug 607712
CVE-2010-2236 RHN Satellite / Proxy: Improper monitoring probes input sanitization (ACE)
Last modified: 2014-03-04 01:15:21 EST
An improper input sanitization flaw was found in the way Red Hat Network
Satellite performed management of monitoring probes. A remote, authenticated
attacker, with the privilege to administer monitoring probes, could execute
arbitrary code with the privileges of the user the Red Hat Network Satellite
monitoring service is running under, by providing specially-crafted values
for certain options of the monitoring probe display.
For further information about Red Hat Network Satellite monitoring
entitlements and management of monitoring probes, please refer to the
reference guide of your Red Hat Network Satellite installation.
This issue affects the following versions:
v4.0.0, v4.1.0, v4.2.0, v5.0.0, v5.1.0, v5.2.0, v5.3.0
of Red Hat Network Satellite.
This issue affects the v5.3.0 version of Red Hat Network Proxy.
This issue has been assigned CVE-2010-2236.
Created attachment 819987
Sanitize backticks in probes
This patch sanitizes probes by removing backticks.
The Red Hat Security Response Team has rated this issue as having Moderate security impact. Satellite 5 is currently in the Production 2 phase of its lifecycle; as such, this issue is not currently planned to be addressed in future updates. For additional information, refer to the Satellite Life Cycle page: https://access.redhat.com/site/support/policy/updates/satellite