Detections
Analytics

RHEL 6 : Red Hat OpenShift Enterprise 2.2.9 (RHSA-2016:0489)

critical Nessus Plugin ID 119368

Language:

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0489 advisory.

 OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

 The following security issue is addressed with this release:

 It was found that ActiveMQ did not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the ActiveMQ application. (CVE-2015-5254)

 An update for Jenkins Continuous Integration Server that addresses a large number of security issues including XSS, CSRF, information disclosure and code execution have been addressed as well.
 (CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324, CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538, CVE-2015-7539, CVE-2015-8103)

 Space precludes documenting all of the bug fixes in this advisory. See the OpenShift Enterprise Technical Notes, which will be updated shortly for release 2.2.9, for details about these changes:

 https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html- single/Technical_Notes/index.html

 All OpenShift Enterprise 2 users are advised to upgrade to these updated packages.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?c398eee2

https://access.redhat.com/errata/RHSA-2016:0489

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1111456

https://bugzilla.redhat.com/show_bug.cgi?id=1140816

https://bugzilla.redhat.com/show_bug.cgi?id=1160934

https://bugzilla.redhat.com/show_bug.cgi?id=1168480

https://bugzilla.redhat.com/show_bug.cgi?id=1169690

https://bugzilla.redhat.com/show_bug.cgi?id=1265423

https://bugzilla.redhat.com/show_bug.cgi?id=1265811

https://bugzilla.redhat.com/show_bug.cgi?id=1279584

https://bugzilla.redhat.com/show_bug.cgi?id=1282359

https://bugzilla.redhat.com/show_bug.cgi?id=1282361

https://bugzilla.redhat.com/show_bug.cgi?id=1282362

https://bugzilla.redhat.com/show_bug.cgi?id=1282363

https://bugzilla.redhat.com/show_bug.cgi?id=1282364

https://bugzilla.redhat.com/show_bug.cgi?id=1282365

https://bugzilla.redhat.com/show_bug.cgi?id=1282366

https://bugzilla.redhat.com/show_bug.cgi?id=1282367

https://bugzilla.redhat.com/show_bug.cgi?id=1282368

https://bugzilla.redhat.com/show_bug.cgi?id=1282369

https://bugzilla.redhat.com/show_bug.cgi?id=1282371

https://bugzilla.redhat.com/show_bug.cgi?id=1283372

https://bugzilla.redhat.com/show_bug.cgi?id=1291292

https://bugzilla.redhat.com/show_bug.cgi?id=1291795

https://bugzilla.redhat.com/show_bug.cgi?id=1291797

https://bugzilla.redhat.com/show_bug.cgi?id=1291798

https://bugzilla.redhat.com/show_bug.cgi?id=1294513

https://bugzilla.redhat.com/show_bug.cgi?id=1299014

https://bugzilla.redhat.com/show_bug.cgi?id=1299095

https://bugzilla.redhat.com/show_bug.cgi?id=1302787

https://bugzilla.redhat.com/show_bug.cgi?id=1305688

https://bugzilla.redhat.com/show_bug.cgi?id=1307174

https://bugzilla.redhat.com/show_bug.cgi?id=1307175

https://bugzilla.redhat.com/show_bug.cgi?id=1308716

https://bugzilla.redhat.com/show_bug.cgi?id=1308718

https://bugzilla.redhat.com/show_bug.cgi?id=1308720

https://bugzilla.redhat.com/show_bug.cgi?id=1308722

https://bugzilla.redhat.com/show_bug.cgi?id=1308739

https://bugzilla.redhat.com/show_bug.cgi?id=1310247

https://bugzilla.redhat.com/show_bug.cgi?id=1310266

https://bugzilla.redhat.com/show_bug.cgi?id=1310841

https://bugzilla.redhat.com/show_bug.cgi?id=1314535

https://bugzilla.redhat.com/show_bug.cgi?id=1314546

Plugin Details

Severity: Critical

ID: 119368

File Name: redhat-RHSA-2016-0489.nasl

Version: 1.12

Type: local

Agent: unix

Published: 12/4/2018

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-7539

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2015-8103

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-upgrade-broker, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-node, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-cron, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:jenkins, p-cpe:/a:redhat:enterprise_linux:openshift-origin-node-proxy, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-controller, p-cpe:/a:redhat:enterprise_linux:php-fpm, p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-yum-validator, p-cpe:/a:redhat:enterprise_linux:php-bcmath, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-common, p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-release, p-cpe:/a:redhat:enterprise_linux:php-devel, p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker-util, p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-upgrade-node, p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-upgrade, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-console, p-cpe:/a:redhat:enterprise_linux:php, p-cpe:/a:redhat:enterprise_linux:openshift-origin-msg-node-mcollective, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-mysql, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-haproxy, p-cpe:/a:redhat:enterprise_linux:activemq-client, p-cpe:/a:redhat:enterprise_linux:php-imap, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-frontend-apache-vhost, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-python, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-php, p-cpe:/a:redhat:enterprise_linux:php-mbstring, p-cpe:/a:redhat:enterprise_linux:php-intl, p-cpe:/a:redhat:enterprise_linux:activemq, p-cpe:/a:redhat:enterprise_linux:openshift-origin-node-util, p-cpe:/a:redhat:enterprise_linux:rhc, p-cpe:/a:redhat:enterprise_linux:php-process

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/22/2016

Vulnerability Publication Date: 11/25/2015

CISA Known Exploited Vulnerability Due Dates: 6/2/2023

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (OpenNMS Java Object Unserialization Remote Code Execution)

Reference Information

CVE: CVE-2015-5254, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324, CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538, CVE-2015-7539, CVE-2015-8103

CWE: 352, 502, 79

RHSA: 2016:0489