Synopsis
The remote Red Hat host is missing one or more security updates for Django.
Description
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0456 advisory.
The Django web framework is used by horizon, the OpenStack Dashboard, which is a web interface for managing OpenStack services.
A flaw was found in the way Django's reverse() URL resolver function constructed certain URLs. A remote attacker able to request a specially crafted view from a Django application could use this flaw to import and execute arbitrary Python modules on the system under the privileges of the user running the application. (CVE-2014-0472)
It was found that Django's caching framework reused Cross-Site Request Forgery (CSRF) nonces for all requests from unauthenticated clients.
A remote attacker could use this flaw to acquire the CSRF token of a different user and bypass intended CSRF protections in a Django application. (CVE-2014-0473)
It was discovered that certain Django model field classes did not properly perform type conversion on their arguments. A remote attacker could use this flaw to submit a specially crafted SQL query that, when processed by a Django application using a MySQL database, could have various application-specific impacts on the MySQL database. (CVE-2014-0474)
Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges Benjamin Bach as the original reporter of CVE-2014-0472, Paul McMillan as the original reporter of CVE-2014-0473, and the Ruby on Rails team, and specifically Michael Koziarski, as the original reporters of CVE-2014-0474.
All users of OpenStack Dashboard are advised to upgrade to these updated packages, which resolve these issues. After installing the updated packages, the httpd daemon must be restarted (service httpd restart) for the update to take effect.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL Django package based on the guidance in RHSA-2014:0456.
Plugin Details
File Name: redhat-RHSA-2014-0456.nasl
Agent: unix
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
Vendor
Vendor Severity: Moderate
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:django14-doc, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:django14
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 4/30/2014
Vulnerability Publication Date: 4/21/2014