It was discovered that a world-readable log file, belonging to the Candlepin component of Red Hat Satellite 6.4, leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.
A vulnerability was found in the way the Satellite 6 installer logs its calls to Candlepin's cpdb tool. The permissions on the /var/log/candlepin/cpdb.log log file allow a non-privileged user to read credential information from the log.
Remove the world-readable permission from /var/log/candlepin/cpdb.log by executing the following, as root, on the console of the machine where Red Hat Satellite is installed:
chmod o-r /var/log/candlepin/cpdb.log
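An added example, not part of the Red Hat advisory: a small audit script that finds world-readable files under a log directory, reports any lines in them that look like credentials, and applies the same chmod o-r remediation. The directory layout and file contents used for the demonstration are constructed here; on a real host you would point it at /var/log/candlepin.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a log directory for the
# condition described above (a world-readable log) and remediate it.

# List regular files under $1 whose "other" read bit is set, sorted.
world_readable_files() {
    find "$1" -type f -perm -o=r 2>/dev/null | sort
}

# Count of world-readable files under $1 (whitespace stripped for BSD wc).
count_world_readable() {
    world_readable_files "$1" | wc -l | tr -d ' '
}

# Lines in world-readable files under $1 that look like they carry a
# credential. The keyword list is a heuristic assumption, not from the page.
leaked_credential_lines() {
    world_readable_files "$1" | while IFS= read -r f; do
        grep -inE 'password|passwd|secret' "$f" 2>/dev/null | sed "s|^|$f:|"
    done
}

# Remediate exactly as the advisory instructs: strip the "other" read bit.
fix_world_readable() {
    world_readable_files "$1" | while IFS= read -r f; do
        chmod o-r "$f" && echo "fixed: $f"
    done
}

# Constructed demo data standing in for /var/log/candlepin: one log that is
# world-readable and contains a (made-up) password, one that is restricted.
demo_dir=$(mktemp -d)
printf 'INFO running cpdb --password=Secr3t!\n' > "$demo_dir/cpdb.log"
chmod 0644 "$demo_dir/cpdb.log"            # world-readable: the bug
printf 'INFO candlepin started\n' > "$demo_dir/candlepin.log"
chmod 0640 "$demo_dir/candlepin.log"       # group-only: correct

count_before=$(count_world_readable "$demo_dir")
leaks_before=$(leaked_credential_lines "$demo_dir" | wc -l | tr -d ' ')
fix_world_readable "$demo_dir" > /dev/null
count_after=$(count_world_readable "$demo_dir")
leaks_after=$(leaked_credential_lines "$demo_dir" | wc -l | tr -d ' ')
echo "world-readable before=$count_before after=$count_after"
echo "credential-like lines exposed before=$leaks_before after=$leaks_after"
```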
Name: Evgeni Golov (Red Hat)
This issue has been addressed in the following products:
Red Hat Satellite 6.5 for RHEL 7
Via RHSA-2019:1222 https://access.redhat.com/errata/RHSA-2019:1222