An improper input sanitization flaw was found in the way Red Hat Network Satellite performed management of monitoring probes. A remote, authenticated attacker with the privilege to administer monitoring probes could execute arbitrary code with the privileges of the user that the Red Hat Network Satellite monitoring service is running under, by providing specially crafted values for certain options of the monitoring probe display.

References: For further information about Red Hat Network Satellite monitoring entitlements and management of monitoring probes, please refer to the reference guide of your Red Hat Network Satellite installation.
This issue affects the following versions: v4.0.0, v4.1.0, v4.2.0, v5.0.0, v5.1.0, v5.2.0, v5.3.0 of Red Hat Network Satellite. This issue affects the v5.3.0 version of Red Hat Network Proxy.
This issue has been assigned CVE-2010-2236.
Created attachment 819987: Sanitize backticks in probes

This patch sanitizes probes by removing backticks.
Statement: The Red Hat Security Response Team has rated this issue as having Moderate security impact. Satellite 5 is currently in the Production 2 phase of its lifecycle; as such, this issue is not currently planned to be addressed in future updates. For additional information, refer to the Satellite Life Cycle page: https://access.redhat.com/site/support/policy/updates/satellite