Lucene search

K
redhatRedHatRHSA-2024:2011
HistoryApr 23, 2024 - 5:14 p.m.

(RHSA-2024:2011) Important: Satellite Client Async Security Update

2024-04-2317:14:55
access.redhat.com
26
red hat satellite
security update
puppet-agent
buffer overflow
cve-2023-38545
unix
configuration management

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.003

Percentile

70.6%

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.

Security fix:

  • puppet-agent: curl heap based buffer overflow in the SOCKS5 proxy handshake (CVE-2023-38545)

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.003

Percentile

70.6%