The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1592 advisory.

    Red Hat Product Security has rated this update as having an important     security impact. Common Vulnerability Scoring System (CVSS) base scores,     which give detailed severity ratings, are available for each vulnerability     from the CVE links in the References section.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.

    This update provides Satellite 6.1 packages for Red Hat Enterprise Linux 6.
    For the full list of new features provided by Satellite 6.1 see the Release     notes linked to in References section. (BZ#1201357)

    It was discovered that, in Foreman, the edit_users permission (for example,     granted to the Manager role) allowed the user to edit admin user passwords.
    An attacker with the edit_users permission could use this flaw to access     an admin user account, leading to an escalation of privileges.
    (CVE-2015-3235)

    It was found that Foreman did not set the HttpOnly flag on session cookies.
    This could allow a malicious script to access the session cookie.
    (CVE-2015-3155)

    It was found that when making an SSL connection to an LDAP authentication     source in Foreman, the remote server certificate was accepted without any     verification against known certificate authorities, potentially making     TLS connections vulnerable to man-in-the-middle attacks. (CVE-2015-1816)

    A flaw was found in the way Foreman authorized user actions on resources     via the API when an organization was not explicitly set. A remote attacker     could use this flaw to obtain additional information about resources they     were not authorized to access. (CVE-2015-1844)

    A cross-site scripting (XSS) flaw was found in Foreman's template preview     screen. A remote attacker could use this flaw to perform cross-site     scripting attacks by tricking a user into viewing a malicious template.
    Note that templates are commonly shared among users. (CVE-2014-3653)

    It was found that python-oauth2 did not properly verify the nonce of a     signed URL. An attacker able to capture network traffic of a website using     OAuth2 authentication could use this flaw to conduct replay attacks     against that website. (CVE-2013-4346)

    It was found that python-oauth2 did not properly generate random values     for use in nonces. An attacker able to capture network traffic of a website     using OAuth2 authentication could use this flaw to conduct replay attacks     against that website. (CVE-2013-4347)

    Red Hat would like to thank Rufus Jrnefelt of Coresec for reporting the     Foreman HttpOnly issue.

    All users who require Satellite 6.1 are advised to install these new     packages.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1591 advisory.

    Red Hat Satellite is a systems management tool for Linux-based     infrastructures. It allows for provisioning, remote management and     monitoring of multiple Linux deployments with a single, centralized tool.
    It performs provisioning and configuration management of predefined     standard operating environments.

    This update provides Satellite 6.1 packages for Red Hat Enterprise Linux 7.
    For the full list of new features provided by Satellite 6.1 see the Release     notes linked to in references section. (BZ#1201357)

    It was discovered that in Foreman the edit_users permissions (for example,     granted to the Manager role) allowed the user to edit admin user passwords.
    An attacker with the edit_users permissions could use this flaw to access     an admin user account, leading to an escalation of privileges.
    (CVE-2015-3235)

    It was found that Foreman did not set the HttpOnly flag on session cookies.
    This could allow a malicious script to access the session cookie.
    (CVE-2015-3155)

    It was found that when making an SSL connection to an LDAP authentication     source in Foreman, the remote server certificate was accepted without any     verification against known certificate authorities, potentially making     TLS connections vulnerable to man-in-the-middle attacks. (CVE-2015-1816)

    A flaw was found in the way foreman authorized user actions on resources     via the API when an organization was not explicitly set. A remote attacker     could use this flaw to obtain additional information about resources they     were not authorized to access. (CVE-2015-1844)

    A cross-site scripting (XSS) flaw was found in Foreman's template preview     screen. A remote attacker could use this flaw to perform cross-site     scripting attacks by tricking a user into viewing a malicious template.
    Note that templates are commonly shared among users. (CVE-2014-3653)

    It was found that python-oauth2 did not properly verify the nonce of a     signed URL. An attacker able to capture network traffic of a website using     OAuth2 authentication could use this flaw to conduct replay attacks     against that website. (CVE-2013-4346)

    It was found that python-oauth2 did not properly generate random values     for use in nonces. An attacker able to capture network traffic of a website     using OAuth2 authentication could use this flaw to conduct replay attacks     against that website. (CVE-2013-4347)

    Red Hat would like to thank Rufus Jrnefelt of Coresec for reporting the     foreman HttpOnly issue.

    All users who require Satellite 6.1 are advised to install these new packages.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Actually apply patch to fix CVE-2013-4347 (thanks to Jason Green, Matt Wilson). Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute-force attack.

Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
85716	RHEL 6 : Red Hat Satellite 6.1.1 on RHEL 6 (Important) (RHSA-2015:1592)	Nessus	Red Hat Local Security Checks	high
85715	RHEL 7 : Red Hat Satellite 6.1.1 on RHEL 7 (Important) (RHSA-2015:1591)	Nessus	Red Hat Local Security Checks	critical
78788	Fedora 21 : python-oauth2-1.5.211-8.fc21 (2014-12483)	Nessus	Fedora Local Security Checks	medium
78706	Fedora 19 : python-oauth2-1.5.211-8.fc19 (2014-12536)	Nessus	Fedora Local Security Checks	medium
78705	Fedora 20 : python-oauth2-1.5.211-8.fc20 (2014-12475)	Nessus	Fedora Local Security Checks	medium
78448	Amazon Linux AMI : python-oauth2 (ALAS-2014-425)	Nessus	Amazon Linux Local Security Checks	medium
77925	Fedora 21 : python-oauth2-1.5.211-7.fc21 (2014-10809)	Nessus	Fedora Local Security Checks	medium
77924	Fedora 20 : python-oauth2-1.5.211-7.fc20 (2014-10786)	Nessus	Fedora Local Security Checks	medium
77923	Fedora 19 : python-oauth2-1.5.211-7.fc19 (2014-10784)	Nessus	Fedora Local Security Checks	medium

Detections

Analytics

CVE-2013-4347

medium

Tenable Plugins

high

critical

medium

medium

medium

medium

medium

medium

medium