Rapid7 Vulnerability & Exploit Database

RHSA-2014:1194: conga security and bug fix update


Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 09/16/2014
Created: 07/25/2018
Added: 09/19/2014
Modified: 07/04/2017

Description

The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules.

It was discovered that Plone, included as a part of luci, did not properly protect the administrator interface (control panel). A remote attacker could use this flaw to inject a specially crafted Python statement or script into Plone's restricted Python sandbox that, when the administrator interface was accessed, would be executed with the privileges of that administrator user. (CVE-2012-5485)

It was discovered that Plone, included as a part of luci, did not properly sanitize HTTP headers provided within certain URL requests. A remote attacker could use a specially crafted URL that, when processed, would cause the injected HTTP headers to be returned as a part of the Plone HTTP response, potentially allowing the attacker to perform other more advanced attacks. (CVE-2012-5486)

Multiple information leak flaws were found in the way conga processed luci site extension-related URL requests. A remote, unauthenticated attacker could issue a specially crafted HTTP request that, when processed, would result in unauthorized information disclosure. (CVE-2013-6496)

It was discovered that various components in the luci site extension-related URLs were not properly restricted to administrative users. A remote, authenticated attacker could escalate their privileges to perform certain actions that should be restricted to administrative users, such as adding users and systems, and viewing log data. (CVE-2014-3521)

It was discovered that Plone, included as a part of luci, did not properly protect the privilege of running RestrictedPython scripts. A remote attacker could use a specially crafted URL that, when processed, would allow the attacker to submit and perform expensive computations or, in conjunction with other attacks, be able to access or alter privileged information. (CVE-2012-5488)

It was discovered that Plone, included as a part of luci, did not properly enforce permissions checks on the membership database. A remote attacker could use a specially crafted URL that, when processed, could allow the attacker to enumerate user account names. (CVE-2012-5497)

It was discovered that Plone, included as a part of luci, did not properly handle the processing of requests for certain collections. A remote attacker could use a specially crafted URL that, when processed, would lead to excessive I/O and/or cache resource consumption. (CVE-2012-5498)

It was discovered that Plone, included as a part of luci, did not properly handle the processing of very large values passed to an internal utility function. A remote attacker could use a specially crafted URL that, when processed, would lead to excessive memory consumption. (CVE-2012-5499)

It was discovered that Plone, included as a part of luci, allowed a remote anonymous user to change titles of content items due to improper permissions checks. (CVE-2012-5500)

The CVE-2014-3521 issue was discovered by Radek Steiger of Red Hat, and the CVE-2013-6496 issue was discovered by Jan Pokorny of Red Hat.

In addition, these updated conga packages include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.11 Technical Notes, linked to in the References section, for information on the most significant of these changes.

All conga users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the luci and ricci services will be restarted automatically.

Solution(s)

  • redhat-upgrade-conga-debuginfo
  • redhat-upgrade-luci
  • redhat-upgrade-ricci

References

  • redhat-upgrade-conga-debuginfo
  • redhat-upgrade-luci
  • redhat-upgrade-ricci
