RHEL 6 : Django (RHSA-2014:0456)

critical Nessus Plugin ID 210209

Synopsis

The remote Red Hat host is missing one or more security updates for Django.

Description

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0456 advisory.

The Django web framework is used by horizon, the OpenStack Dashboard, which is a web interface for managing OpenStack services.

A flaw was found in the way Django's reverse() URL resolver function constructed certain URLs. A remote attacker able to request a specially crafted view from a Django application could use this flaw to import and execute arbitrary Python modules on the system under the privileges of the user running the application. (CVE-2014-0472)

It was found that Django's caching framework reused Cross-Site Request Forgery (CSRF) nonces for all requests from unauthenticated clients. A remote attacker could use this flaw to acquire the CSRF token of a different user and bypass intended CSRF protections in a Django application. (CVE-2014-0473)

It was discovered that certain Django model field classes did not properly perform type conversion on their arguments. A remote attacker could use this flaw to submit a specially crafted SQL query that, when processed by a Django application using a MySQL database, could have various application-specific impacts on the MySQL database. (CVE-2014-0474)

Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges Benjamin Bach as the original reporter of CVE-2014-0472, Paul McMillan as the original reporter of CVE-2014-0473, and the Ruby on Rails team, and specifically Michael Koziarski, as the original reporters of CVE-2014-0474.

All users of OpenStack Dashboard are advised to upgrade to these updated packages, which resolve these issues. After installing the updated packages, the httpd daemon must be restarted (service httpd restart) for the update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL Django package based on the guidance in RHSA-2014:0456.

See Also

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1090588

https://bugzilla.redhat.com/show_bug.cgi?id=1090592

https://bugzilla.redhat.com/show_bug.cgi?id=1090593

http://www.nessus.org/u?e02f34f7

https://access.redhat.com/errata/RHSA-2014:0456

Plugin Details

Severity: Critical

ID: 210209

File Name: redhat-RHSA-2014-0456.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/4/2024

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-0474

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:django14-doc, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:django14

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/30/2014

Vulnerability Publication Date: 4/21/2014

Reference Information

CVE: CVE-2014-0472, CVE-2014-0473, CVE-2014-0474

CWE: 352

RHSA: 2014:0456