RHEL 7 : Satellite Server (RHSA-2015:1591)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Red Hat Satellite 6.1 now available for Red Hat Enterprise Linux 7.

Red Hat Satellite is a systems management tool for Linux-based
infrastructures. It allows for provisioning, remote management and
monitoring of multiple Linux deployments with a single, centralized
tool. It performs provisioning and configuration management of
predefined standard operating environments.

This update provides Satellite 6.1 packages for Red Hat Enterprise
Linux 7. For the full list of new features provided by Satellite 6.1,
see the Release Notes linked in the References section. (BZ#1201357)

It was discovered that in Foreman the edit_users permissions (for
example, granted to the Manager role) allowed the user to edit admin
user passwords. An attacker with the edit_users permissions could use
this flaw to access an admin user account, leading to an escalation of
privileges. (CVE-2015-3235)

It was found that Foreman did not set the HttpOnly flag on session
cookies. This could allow a malicious script to access the session
cookie. (CVE-2015-3155)

It was found that when making an SSL connection to an LDAP
authentication source in Foreman, the remote server certificate was
accepted without any verification against known certificate
authorities, potentially making TLS connections vulnerable to
man-in-the-middle attacks. (CVE-2015-1816)

A flaw was found in the way Foreman authorized user actions on
resources via the API when an organization was not explicitly set. A
remote attacker could use this flaw to obtain additional information
about resources they were not authorized to access. (CVE-2015-1844)

A cross-site scripting (XSS) flaw was found in Foreman's template
preview screen. A remote attacker could use this flaw to perform
cross-site scripting attacks by tricking a user into viewing a
malicious template. Note that templates are commonly shared among
users. (CVE-2014-3653)

It was found that python-oauth2 did not properly verify the nonce of a
signed URL. An attacker able to capture network traffic of a website
using OAuth2 authentication could use this flaw to conduct replay
attacks against that website. (CVE-2013-4346)

It was found that python-oauth2 did not properly generate random
values for use in nonces. An attacker able to capture network traffic
of a website using OAuth2 authentication could use this flaw to
conduct replay attacks against that website. (CVE-2013-4347)
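The two python-oauth2 issues above come down to missing server-side nonce handling. The following is an added illustration, not python-oauth2's or the advisory's own code, of what a correct receiver does: nonces are drawn from the OS CSPRNG, and a store rejects any (consumer key, nonce) pair it has already seen inside the timestamp window, so a captured request cannot be replayed. Function and parameter names are assumptions.

```python
import secrets
import time

# Constructed example: server-side nonce/timestamp checks for OAuth 1.0-style
# signed requests. Signature verification is assumed to happen separately.

NONCE_WINDOW_SECONDS = 300  # accept timestamps within +/- 5 minutes


def generate_nonce(nbytes: int = 16) -> str:
    """Nonce from the OS CSPRNG; never from a predictable PRNG or a counter."""
    return secrets.token_hex(nbytes)


class NonceStore:
    """Remembers (consumer_key, nonce) pairs seen inside the timestamp window."""

    def __init__(self, window=NONCE_WINDOW_SECONDS, clock=time.time):
        self.window = window
        self.clock = clock          # injectable for deterministic tests
        self._seen = {}             # (consumer_key, nonce) -> request timestamp

    def _expire(self, now):
        # Nonces older than the window are dropped; a request carrying such a
        # nonce is rejected on timestamp alone, so forgetting it is safe.
        cutoff = now - self.window
        for key in [k for k, ts in self._seen.items() if ts < cutoff]:
            del self._seen[key]

    def check_and_record(self, consumer_key, nonce, timestamp):
        """Return True once per fresh (consumer_key, nonce); False on replay."""
        now = self.clock()
        self._expire(now)
        if abs(now - timestamp) > self.window:
            return False            # stale or future-dated request
        key = (consumer_key, nonce)
        if key in self._seen:
            return False            # replay of a captured request
        self._seen[key] = timestamp
        return True


def verify_request(store, params):
    """params: the oauth_* parameters of one incoming signed request."""
    nonce = params.get("oauth_nonce")
    try:
        ts = int(params["oauth_timestamp"])
    except (KeyError, ValueError):
        return False
    if not nonce:
        return False
    return store.check_and_record(params.get("oauth_consumer_key", ""), nonce, ts)
```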

Red Hat would like to thank Rufus Jarnefelt of Coresec for reporting
the Foreman HttpOnly issue.

All users who require Satellite 6.1 are advised to install these new
packages.

See also :

http://rhn.redhat.com/errata/RHSA-2015-1591.html
https://www.redhat.com/security/data/cve/CVE-2013-4346.html
https://www.redhat.com/security/data/cve/CVE-2013-4347.html
https://www.redhat.com/security/data/cve/CVE-2014-3653.html
https://www.redhat.com/security/data/cve/CVE-2015-1816.html
https://www.redhat.com/security/data/cve/CVE-2015-1844.html
https://www.redhat.com/security/data/cve/CVE-2015-3155.html
https://www.redhat.com/security/data/cve/CVE-2015-3235.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 85715

Bugtraq ID:

CVE ID: CVE-2013-4346
CVE-2013-4347
CVE-2014-3653
CVE-2015-1816
CVE-2015-1844
CVE-2015-3155
CVE-2015-3235
