Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2019-10136: SUSE Linux Security Advisory

Back to Search

SUSE: CVE-2019-10136: SUSE Linux Security Advisory

Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
07/02/2019
Created
09/09/2019
Added
09/06/2019
Modified
10/22/2021

Description

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

Solution(s)

  • suse-upgrade-mgr-cfg
  • suse-upgrade-mgr-cfg-actions
  • suse-upgrade-mgr-cfg-client
  • suse-upgrade-mgr-cfg-management
  • suse-upgrade-mgr-daemon
  • suse-upgrade-mgr-osad
  • suse-upgrade-mgr-virtualization-host
  • suse-upgrade-python2-mgr-cfg
  • suse-upgrade-python2-mgr-cfg-actions
  • suse-upgrade-python2-mgr-cfg-client
  • suse-upgrade-python2-mgr-cfg-management
  • suse-upgrade-python2-mgr-osa-common
  • suse-upgrade-python2-mgr-osad
  • suse-upgrade-python2-mgr-virtualization-common
  • suse-upgrade-python2-mgr-virtualization-host
  • suse-upgrade-python2-rhnlib
  • suse-upgrade-spacecmd
  • suse-upgrade-spacewalk-backend-libs
  • suse-upgrade-spacewalk-remote-utils

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;