Lucene search

HistoryJan 24, 2013 - 12:00 a.m.

RHEL 6 : katello in Subscription Asset Manager (RHSA-2012:1187)

2013-01-2400:00:00

www.tenable.com

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.015 Low

EPSS

Percentile

87.1%

JSON

Updated katello packages that fix one security issue are now available for Red Hat Subscription Asset Manager.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Katello allows you to manage the application life cycle for Linux systems. Katello is used by Red Hat Subscription Asset Manager, a distributor application for handling subscription information and software updates on client machines.

It was found that the katello-common package’s installation script did not correctly generate the secret token used for session cookie generation, leading to every default installation using the same secret token. A remote attacker could use this flaw to create a cookie that would allow them to log into the Subscription Asset Manager web interface as any user, without knowing the passwords. (CVE-2012-3503)

All users of Red Hat Subscription Asset Manager are advised to upgrade to these updated packages, which correct this issue. For instructions on applying this update, refer to the Subscription Asset Manager Installation Guide, linked to in the References section.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2012:1187. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64052);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-3503");
  script_bugtraq_id(55140);
  script_xref(name:"RHSA", value:"2012:1187");

  script_name(english:"RHEL 6 : katello in Subscription Asset Manager (RHSA-2012:1187)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated katello packages that fix one security issue are now available
for Red Hat Subscription Asset Manager.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.

Katello allows you to manage the application life cycle for Linux
systems. Katello is used by Red Hat Subscription Asset Manager, a
distributor application for handling subscription information and
software updates on client machines.

It was found that the katello-common package's installation script did
not correctly generate the secret token used for session cookie
generation, leading to every default installation using the same
secret token. A remote attacker could use this flaw to create a cookie
that would allow them to log into the Subscription Asset Manager web
interface as any user, without knowing the passwords. (CVE-2012-3503)

All users of Red Hat Subscription Asset Manager are advised to upgrade
to these updated packages, which correct this issue. For instructions
on applying this update, refer to the Subscription Asset Manager
Installation Guide, linked to in the References section."
  );
  # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Subscription_Asset_Manager/1.1/html/Installation_Guide/sect-Installation_Guide-Administration-Upgrading_Subscription_Asset_Manager.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ce2b1f20"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2012:1187"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-3503"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected katello-common and / or katello-glue-candlepin
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:katello-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:katello-glue-candlepin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2012:1187";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;

  if (! (rpm_exists(release:"RHEL6", rpm:"candlepin-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Subscription Asset Manager");

  if (rpm_check(release:"RHEL6", reference:"katello-common-0.3.4-1.el6_2")) flag++;
  if (rpm_check(release:"RHEL6", reference:"katello-glue-candlepin-0.3.4-1.el6_2")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "katello-common / katello-glue-candlepin");
  }
}

VendorProductVersionCPE
redhatenterprise_linuxkatello-commonp-cpe:/a:redhat:enterprise_linux:katello-common
redhatenterprise_linuxkatello-glue-candlepinp-cpe:/a:redhat:enterprise_linux:katello-glue-candlepin
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6

Vendor	Product	Version	CPE
redhat	enterprise_linux	katello-common	p-cpe:/a:redhat:enterprise_linux:katello-common
redhat	enterprise_linux	katello-glue-candlepin	p-cpe:/a:redhat:enterprise_linux:katello-glue-candlepin
redhat	enterprise_linux	6	cpe:/o:redhat:enterprise_linux:6

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3503

www.nessus.org/u?ce2b1f20

access.redhat.com/errata/RHSA-2012:1187

access.redhat.com/security/cve/cve-2012-3503

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for REDHAT-RHSA-2012-1187.NASL