RHEL 7 : Satellite 6.10 Release (Moderate) (RHSA-2021:4702)

critical Nessus Plugin ID 155377

Language:

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4702 advisory.

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):
* python-ecdsa: Unexpected and undocumented exceptions during signature decoding (CVE-2019-14853)
* python-ecdsa: DER encoding is not being verified in signatures (CVE-2019-14859)
* rubygem-activerecord-session_store: hijack sessions by using timing attacks targeting the session id (CVE-2019-25025)
* rake: OS Command Injection via egrep in Rake::FileList (CVE-2020-8130)
* candlepin: guava - local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)
* PyYAML: incomplete fix for CVE-2020-1747 (CVE-2020-14343)
* tfm-rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema (CVE-2020-26247)
* tfm-rubygem-foreman_azure_rm: Azure compute resource secret_key leak to authenticated users (CVE-2021-3413)
* foreman: possible man-in-the-middle in smart_proxy realm_freeipa (CVE-2021-3494)
* foreman: BMC controller credential leak via API (CVE-2021-20256)
* python-aiohttp: Open redirect in aiohttp.web_middlewares.normalize_path_middleware (CVE-2021-21330)
* rubygem-actionpack: Possible Information Disclosure / Unintended Method Execution in Action Pack (CVE-2021-22885)
* tfm-rubygem-actionpack: rails: Possible Denial of Service vulnerability in Action Dispatch (CVE-2021-22902)
* tfm-rubygem-actionpack: Possible DoS Vulnerability in Action Controller Token Authentication (CVE-2021-22904)
* python-django: potential directory-traversal via uploaded files (CVE-2021-28658)
* tfm-rubygem-puma: incomplete fix for CVE-2019-16770 allows Denial of Service (DoS) (CVE-2021-29509)
* python-django: Potential directory-traversal via uploaded files (CVE-2021-31542)
* tfm-rubygem-addressable: ReDoS in templates (CVE-2021-32740)
* python-django: Potential directory traversal via ``admindocs`` (CVE-2021-33203)
* python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)
* python-django: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses (CVE-2021-33571)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

* Updated Content Management backend with Pulp 3 for increased performance, scale and reliability. MongoDB is also removed from Satellite
* Adds support for Azure GovCloud
* Provides Satellite 6.10 Server support for Satellite 6.9 Capsules
* Improves support for Satellite Air Gapped and Disconnected environments
* Adds Ansible Collections content type to support disconnected environments
* Foreman_webhooks introduced to replace foreman_hooks
* Introduces UI to manage Personal Access Tokens
* Adds ability to configure Pulp repository synchronization timeouts
* Support for Convert2RHEL
* Provides advanced options when registering a host
* Supports remediation playbook signatures from console.redhat.com
* Red Hat Insights Plugin replaced through new integration within Satellite
* Ability to visually represent systems registered and in sync with Insights
* Ability to verify if required packages are installed as part of pre-upgrade check
* Ability to unset environment variables when installer is running
* Ability to turn backups on and off when cleaning up tasks from database

The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 155377

File Name: redhat-RHSA-2021-4702.nasl

Version: 1.10

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 11/17/2021

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-14343

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 8.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:python3-django, p-cpe:/a:redhat:enterprise_linux:satellite, p-cpe:/a:redhat:enterprise_linux:satellite-capsule, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:python-ecdsa, p-cpe:/a:redhat:enterprise_linux:python-pyyaml, p-cpe:/a:redhat:enterprise_linux:python3-ecdsa, p-cpe:/a:redhat:enterprise_linux:python3-urllib3, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-nokogiri, p-cpe:/a:redhat:enterprise_linux:python3-pyyaml, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-puma, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:python-urllib3, p-cpe:/a:redhat:enterprise_linux:python-aiohttp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-session_store, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-addressable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails, p-cpe:/a:redhat:enterprise_linux:candlepin

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/16/2021

Vulnerability Publication Date: 10/8/2019

Reference Information

CVE: CVE-2019-14853, CVE-2019-14859, CVE-2019-25025, CVE-2020-14343, CVE-2020-26247, CVE-2020-8130, CVE-2020-8908, CVE-2021-20256, CVE-2021-21330, CVE-2021-22885, CVE-2021-22902, CVE-2021-22904, CVE-2021-28658, CVE-2021-29509, CVE-2021-31542, CVE-2021-32740, CVE-2021-33203, CVE-2021-33503, CVE-2021-33571, CVE-2021-3413, CVE-2021-3494

CWE: 20, 200, 22, 319, 347, 391, 400, 601, 611, 78, 835, 918

IAVA: 2021-A-0463

RHSA: 2021:4702

Detections

Analytics

RHEL 7 : Satellite 6.10 Release (Moderate) (RHSA-2021:4702)

critical Nessus Plugin ID 155377

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

VPR

Vendor

CVSS v2

CVSS v3

CVSS v4

Vulnerability Information

Reference Information