394 matches found
rhn-tools:1.0 bug fix and enhancement update
An update is available for osad, spacewalk-abrt, rhn-custom-info, rhncfg, spacewalk-koan, spacewalk-oscap, spacewalk-backend, rhn-virtualization, spacewalk-usix, rhnpush, spacewalk-client-cert, cobbler, spacewalk-remote-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring Syst...
CVE-2019-10136
It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...
The vulnerability of the proxy server used in software tools for managing Red Hat Satellite and Spacewalk systems allows a hacker to execute arbitrary code.
The vulnerability of the proxy server used in software solutions for managing Red Hat Satellite and Spacewalk systems is related to incorrect restrictions on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
satellite-5-client module update
Satellite 5 client module provides programs and libraries that allow your system to use provisioning, monitoring, and configuration management capabilities provided by AlmaLinux Satellite 5. This update fixes the following bugs: A build dependency on Python 2 gtk-builder-convert has been dropped...
satellite-5-client module update
An update is available for dnf-plugin-spacewalk, rhn-client-tools, rhnsd, rhnlib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Satellite 5 client module...
ALBA-2019:1955 satellite-5-client module update
Satellite 5 client module provides programs and libraries that allow your system to use provisioning, monitoring, and configuration management capabilities provided by AlmaLinux Satellite 5. This update fixes the following bugs: A build dependency on Python 2 gtk-builder-convert has been dropped...
Directory Traversal
spacewalk proxy is vulnerable to directory traversal. An unauthenticated remote attacker is able to determine the existence of arbitrary system files by exploiting the vulnerability. Access to the proxy's filesystem would potentially allow the attacker to execute arbitrary code in the context of the...
Insecure Signature Validation
spacewalk uses insecure authentication signature validation. The client token checksums are not properly computed, which would allow an attacker to extend session validity by modifying the authenticated header set without modifying the checksum...
RHEL 6 : spacewalk-backend and spacewalk-proxy (RHSA-2019:1663)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1663 advisory. Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. Security Fixes:...
RHEL 6 : spacewalk-backend (RHSA-2019:1661)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1661 advisory. Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. Security Fixes:...
CVE-2019-10137
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitra...
CVE-2019-10136
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...
Design/Logic Flaw
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...
CVE-2019-10136
CVE-2019-10136 is a Spacewalk vulnerability. The issue arises from Spacewalk (versions up to 2.9) not safely computing client token checksums, allowing an attacker with a valid but expired authenticated header set to rearrange digits and extend session validity without changing the checksum. Publ...
CVE-2019-10137
CVE-2019-10137: A path traversal flaw in spacewalk-proxy (versions up to 2.9) stems from how the proxy processes cached client tokens, allowing a remote, unauthenticated attacker to test for arbitrary files on the proxy filesystem or execute code in the httpd context. Affected: spacewalk-proxy. ...
spacewalk: Insecure computation of authentication signatures during user authentication
It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...