Detections
Analytics

RHEL 5 : Red Hat Certificate System 8 (RHSA-2017:2560)

medium Nessus Plugin ID 210259

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2560 advisory.

 Red Hat Certificate System is a complete implementation of an enterprise software system designed to manage enterprise public key infrastructure (PKI) deployments.

 Security Fix(es):

 * An input validation error was found in Red Hat Certificate System's handling of client provided certificates. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service. (CVE-2017-7509)

 Bug Fix(es):

 * Previously, the Token Management System (TMS) required that certificates that were on hold must first become valid before they can be revoked. This update removes that limitation, and it is now possible to directly revoke currently on hold certificates. (BZ#1262000)

 * With this update, Red Hat Certificate System instances can be installed using existing CA signing certificate/keys. This existing CA can be a functional CA from a different vendor, or keys or CSR generated to be signed by an external CA for the purpose of chaining it to a publicly recognized CA.

 Note that this feature is only supported when installing with the pkisilent tool, not when using the graphical user interface. Additionally, since the CSR is generated externally prior to configuration of the CA instance and is not stored in the NSS security databases, it should be understood that the CSR value attached to the ca.signing.certreq variable stored inside the /var/lib/pki-ca/conf/CS.cfg file is a reconstruction of the CSR created during configuration, and not the original CSR utilized to obtain the existing CA certificate. (BZ#1280391)

 * Previously, a bug in CRLDistributionPointsExtension caused some certificate profiles to encounter problems when being viewed in the Certificate Manager graphical interface. This bug is now fixed, and aforementioned profile can now be viewed normally. (BZ#1282589)

 * Previously, if access to a component such as an HSM or an LDAP server was lost during Certificate Revocation List (CRL) generation, the CA could become stuck in a loop that generated large amounts of log entries until the problem was resolved. To avoid these scenarios, two new configuration parameters are being introduced in this patch to allow the CA to slow down. (BZ#1290650)

 * A patch has been applied to the Token Processing System (TPS) to ensure that the symmetricKeys.requiredVersion option is being handled correctly in all cases. (BZ#1302103)

 * A patch has been applied to the Certificate System Token Processing System (TPS) to fix a bug where existing objects were not always cleared when enrolling over an active token. (BZ#1302116)

 * This update fixes a bug where the Token Processing System (TPS) could not correctly execute re- enrollment operations (taking a currently enrolled token and enrolling it again with new certificates) on some G&D smart cards. (BZ#1320283)

 * The Token Processing System (TPS) could previously leave old data in a token's Coolkey applet when re- enrolling the token with new certificates and keys. This bug is now fixed, and only data associated with certificates which are actually on the token is preserved after a successful re-enrollment. (BZ#1327653)

 * Previously, a problem when setting the final life cycle state of a token at the end of a re-enrollment operation could cause it to fail to report that it is properly enrolled. This bug is now fixed, and re- enrolled token now report their enrolled status accurately. (BZ#1382376)

 * Prior to this update, ECDSA certificates were issued with a NULL value in the parameter field. These certificates were not compliant with the RFC 5758 specification which mandates this field to be omitted completely. This bug has been fixed, and ECDSA certificates are now issued without the parameter field.
 (BZ#1454414)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1456030

http://www.nessus.org/u?8e126989

https://access.redhat.com/errata/RHSA-2017:2560

Plugin Details

Severity: Medium

ID: 210259

File Name: redhat-RHSA-2017-2560.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/5/2024

Updated: 11/5/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2017-7509

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:5, p-cpe:/a:redhat:enterprise_linux:pki-common, p-cpe:/a:redhat:enterprise_linux:redhat-pki-ca-ui, p-cpe:/a:redhat:enterprise_linux:pki-util-javadoc, p-cpe:/a:redhat:enterprise_linux:pki-util, p-cpe:/a:redhat:enterprise_linux:pki-silent, p-cpe:/a:redhat:enterprise_linux:pki-kra, p-cpe:/a:redhat:enterprise_linux:pki-tps, p-cpe:/a:redhat:enterprise_linux:pki-ca, p-cpe:/a:redhat:enterprise_linux:pki-common-javadoc

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 8/30/2017

Vulnerability Publication Date: 8/30/2017

Reference Information

CVE: CVE-2017-7509

CWE: 20

RHSA: 2017:2560