Detections
Analytics
RHEL 6 : Subscription Asset Manager 1.4 (RHSA-2014:1863)
high Nessus Plugin ID 79326
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for Subscription Asset Manager 1.4.Description
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1863 advisory.Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. Red Hat Subscription Asset Manager is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.
A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request. (CVE-2014-0130)
A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected. (CVE-2013-1854)
Two cross-site scripting (XSS) flaws were found in Action Pack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using Action Pack. (CVE-2013-1855, CVE-2013-1857)
It was discovered that the internationalization component of Ruby on Rails could, under certain circumstances, return a fallback HTML string that contained user input. A remote attacker could possibly use this flaw to perform a reflective cross-site scripting (XSS) attack by providing a specially crafted input to an application using the aforementioned component. (CVE-2013-4491)
A denial of service flaw was found in the header handling component of Action View. A remote attacker could send strings in specially crafted headers that would be cached indefinitely, which would result in all available system memory eventually being consumed. (CVE-2013-6414)
It was found that the number_to_currency Action View helper did not properly escape the unit parameter. An attacker could use this flaw to perform a cross-site scripting (XSS) attack on an application that uses data submitted by a user in the unit parameter. (CVE-2013-6415)
Red Hat would like to thank Ruby on Rails upstream for reporting these issues. Upstream acknowledges Ben Murphy as the original reporter of CVE-2013-1854, Charlie Somerville as the original reporter of CVE-2013-1855, Alan Jenkins as the original reporter of CVE-2013-1857, Peter McLarnan as the original reporter of CVE-2013-4491, Toby Hsieh as the original reporter of CVE-2013-6414, and Ankit Gupta as the original reporter of CVE-2013-6415.
All Subscription Asset Manager users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL Subscription Asset Manager 1.4 package based on the guidance in RHSA-2014:1863.See Also
http://www.nessus.org/u?e032cd70
https://access.redhat.com/errata/RHSA-2014:1863
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1036483
https://bugzilla.redhat.com/show_bug.cgi?id=1036910
https://bugzilla.redhat.com/show_bug.cgi?id=1036922
https://bugzilla.redhat.com/show_bug.cgi?id=1095105
https://bugzilla.redhat.com/show_bug.cgi?id=921329
Plugin Details
Severity: High
ID: 79326
File Name: redhat-RHSA-2014-1863.nasl
Version: 1.15
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 11/19/2014
Updated: 11/4/2024
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
Vendor
Vendor Severity: Important
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2014-0130
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-i18n, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activesupport, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-mail, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-railties, p-cpe:/a:redhat:enterprise_linux:katello, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:katello-common, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:katello-headpin, p-cpe:/a:redhat:enterprise_linux:katello-headpin-all, p-cpe:/a:redhat:enterprise_linux:katello-glue-candlepin, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionmailer, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activeresource, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rack, p-cpe:/a:redhat:enterprise_linux:katello-glue-elasticsearch, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activemodel, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rails, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activerecord
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/17/2014
Vulnerability Publication Date: 3/19/2013
CISA Known Exploited Vulnerability Due Dates: 4/15/2022
Reference Information
CVE: CVE-2013-1854, CVE-2013-1855, CVE-2013-1857, CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2014-0130