RHEL 6 / 7 : ruby193-rubygem-katello (RHSA-2016:1083)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An update for ruby193-rubygem-katello is now available for Red Hat
Satellite 6.1.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Red Hat Satellite is a system management solution that allows
organizations to configure and maintain their systems without having
to provide public Internet access to their servers or other client
systems. It performs provisioning and configuration management of
predefined standard operating environments.

Security Fix(es) :

* An input sanitization flaw was found in the scoped search parameters
sort_by and sort_order in the REST API. An authenticated user could
use this flaw to perform a SQL injection attack on the Katello
back-end database. (CVE-2016-3072)

See also :

http://rhn.redhat.com/errata/RHSA-2016-1083.html
https://www.redhat.com/security/data/cve/CVE-2016-3072.html

Solution :

Update the affected ruby193-rubygem-katello package.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.2
(CVSS2#E:U/RL:ND/RC:UR)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 91179

Bugtraq ID:

CVE ID: CVE-2016-3072
