Rapid7 Vulnerability & Exploit Database

RHSA-2013:0686: Subscription Asset Manager 1.2.1 update


Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 02/12/2013
Created: 07/25/2018
Added: 03/27/2013
Modified: 07/04/2017

Description

Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines.

The latest packages for Subscription Asset Manager include a number of security fixes:

When a Subscription Asset Manager instance is created, its configuration script automatically creates an RPM of the internal subscription service CA certificate. However, this RPM incorrectly created the CA certificate with file permissions of 0666. This allowed other users on a client system to modify the CA certificate used to trust the remote subscription server. All administrators are advised to update and deploy the subscription service certificate on all systems which use Subscription Asset Manager as their subscription service. This procedure is described in: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Subscription_Asset_Manager/1.2/html/Installation_Guide/sect-Installation_Guide-Administration-Upgrading_Subscription_Asset_Manager.html (CVE-2012-6116)

Manifest signature checking was not implemented for early versions of Subscription Asset Manager. This meant that a malicious user could edit a manifest file, insert arbitrary data, and successfully upload the edited manifest file into the Subscription Asset Manager server. (CVE-2012-6119)

Ruby's documentation generator had a flaw in the way it generated HTML documentation. When a Ruby application exposed its documentation on a network (such as a web page), an attacker could use a specially-crafted URL to open an arbitrary web script or to execute HTML code within the application's user session. (CVE-2013-0256)

A timing attack flaw was found in the way rubygem-rack and ruby193-rubygem-rack processed HMAC digests in cookies. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2013-0263)

A flaw in rubygem-json allowed remote attacks by creating different types of malicious objects. For example, it could initiate a denial of service (DoS) attack through resource consumption by using a JSON document to create arbitrary Ruby symbols, which were never garbage collected. It could also be exploited to create internal objects which could allow a SQL injection attack. (CVE-2013-0269)

A flaw in ActiveRecord in Ruby on Rails allowed remote attackers to circumvent attribute protections and to insert their own crafted requests to change protected attribute values. (CVE-2013-0276)

HTML markup was not properly escaped when filling in the username field in the Notifications form of the Subscription Asset Manager UI. This meant that HTML code used in the value was then applied in the UI page when the entry was viewed. This could have allowed malicious HTML code to be entered. The field value is now validated and any HTML tags are escaped. (CVE-2013-1823)

These updated packages also include bug fixes and enhancements:

All users of Subscription Asset Manager are recommended to update to the latest packages.
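The rack cookie-digest flaw above (CVE-2013-0263) comes down to how the HMAC in a signed cookie is compared. The following is an added example, not Rack's or Red Hat's code, modelled on the "data--hmac" cookie layout; it puts the byte-by-byte early-exit comparison beside a constant-time one. The secret and payloads are constructed for the demo.

```ruby
require "openssl"
require "base64"

# Constructed demo secret; a real deployment loads this from configuration.
SECRET = "constructed-demo-secret"

def generate_hmac(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha1"), secret, data)
end

# Cookie value is "<base64 payload>--<hex hmac over the base64 payload>".
def sign_cookie(payload, secret = SECRET)
  data = Base64.strict_encode64(payload)
  "#{data}--#{generate_hmac(data, secret)}"
end

# Vulnerable form: String#== stops at the first differing byte, so the
# response time leaks how many leading bytes of a forged digest are right.
def digest_match_unsafe?(data, digest, secret = SECRET)
  digest == generate_hmac(data, secret)
end

# Hardened form: check length (public anyway), then XOR every byte and OR
# the results so the loop runs the full length no matter where bytes differ.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  left = a.unpack("C*")
  acc = 0
  b.each_byte { |byte| acc |= byte ^ left.shift }
  acc == 0
end

def digest_match_safe?(data, digest, secret = SECRET)
  secure_compare(digest, generate_hmac(data, secret))
end

# Verify a cookie with the constant-time check; returns the decoded
# payload, or nil when the cookie is malformed or the digest does not match.
def verify_cookie(cookie, secret = SECRET)
  data, digest = cookie.split("--", 2)
  return nil if data.nil? || digest.nil?
  return nil unless digest_match_safe?(data, digest, secret)
  Base64.strict_decode64(data)
end
```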

Solution(s)

  • redhat-upgrade-candlepin
  • redhat-upgrade-candlepin-devel
  • redhat-upgrade-candlepin-selinux
  • redhat-upgrade-candlepin-tomcat6
  • redhat-upgrade-katello-common
  • redhat-upgrade-katello-configure
  • redhat-upgrade-katello-glue-candlepin
  • redhat-upgrade-katello-headpin
  • redhat-upgrade-katello-headpin-all
  • redhat-upgrade-ruby-nokogiri
  • redhat-upgrade-rubygem-actionpack
  • redhat-upgrade-rubygem-activemodel
  • redhat-upgrade-rubygem-activemodel-doc
  • redhat-upgrade-rubygem-delayed_job
  • redhat-upgrade-rubygem-delayed_job-doc
  • redhat-upgrade-rubygem-json
  • redhat-upgrade-rubygem-json-debuginfo
  • redhat-upgrade-rubygem-nokogiri
  • redhat-upgrade-rubygem-nokogiri-debuginfo
  • redhat-upgrade-rubygem-nokogiri-doc
  • redhat-upgrade-rubygem-rack
  • redhat-upgrade-rubygem-rails_warden
  • redhat-upgrade-rubygem-rails_warden-doc
  • redhat-upgrade-rubygem-rdoc
  • redhat-upgrade-rubygem-rdoc-doc
  • redhat-upgrade-thumbslug
  • redhat-upgrade-thumbslug-selinux
