Bug 607712 - (CVE-2010-2236) CVE-2010-2236 RHN Satellite / Proxy: Improper monitoring probes input sanitization (ACE)
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20140210,repor...
Keywords: Security
Depends On: 1022697 1022698
Blocks: 730933
Reported: 2010-06-24 11:55 EDT by Jan Lieskovsky
Modified: 2014-03-04 01:15 EST
Doc Type: Bug Fix
Last Closed: 2014-03-04 00:59:25 EST

Attachments
Sanitize backticks in probes (7.97 KB, patch)
2013-11-05 14:44 EST, Grant Gainey

Description Jan Lieskovsky 2010-06-24 11:55:37 EDT
An improper input sanitization flaw was found in the way Red Hat Network
Satellite performed management of monitoring probes. A remote, authenticated
attacker, with the privilege to administer monitoring probes, could execute
arbitrary code with the privileges of the user the Red Hat Network Satellite
monitoring service is running under, by providing specially-crafted values
for certain options of the monitoring probe display.

References:
  For further information about Red Hat Network Satellite monitoring
entitlements and management of monitoring probes, please refer to the
reference guide of your Red Hat Network Satellite installation.
Comment 8 Jan Lieskovsky 2010-06-24 12:57:12 EDT
This issue affects the following versions: 

  v4.0.0, v4.1.0, v4.2.0, v5.0.0, v5.1.0, v5.2.0, v5.3.0

of Red Hat Network Satellite.

This issue affects the v5.3.0 version of Red Hat Network Proxy.
Comment 9 Vincent Danen 2010-06-24 13:13:56 EDT
This issue has been assigned CVE-2010-2236.
Comment 22 Grant Gainey 2013-11-05 14:44:12 EST
Created attachment 819987
Sanitize backticks in probes

This patch sanitizes probes by removing backticks.
Comment 26 Kurt Seifried 2014-03-04 00:59:25 EST
Statement:

The Red Hat Security Response Team has rated this issue as having Moderate security impact. Satellite 5 is currently in the Production 2 phase of its lifecycle; as such, this issue is not currently planned to be addressed in future updates. For additional information, refer to the Satellite Life Cycle: https://access.redhat.com/site/support/policy/updates/satellite page.