First published: Thu Jun 24 2010
An improper input sanitization flaw was found in the way Red Hat Network Satellite performed management of monitoring probes. A remote, authenticated attacker with the privilege to administer monitoring probes could execute arbitrary code with the privileges of the user that the Red Hat Network Satellite monitoring service is running under, by providing specially crafted values for certain options of the monitoring probe display.
References: For further information about Red Hat Network Satellite monitoring entitlements and management of monitoring probes, please refer to the reference guide of your Red Hat Network Satellite installation.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Spacewalk | <=2.1.147-1 | |
Red Hat Network Proxy | =5.3 | |
Red Hat Satellite | =5.3 | |
Red Hat Satellite | =5.2 | |
Red Hat Satellite | =5.1 | |
Red Hat Satellite | =4.2 | |
Red Hat Satellite | =4.1 | |
Red Hat Satellite | =4.0 | |
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9
CVE-2010-2236 has been classified as having a moderate severity due to the potential for remote code execution by authenticated attackers.
To remediate CVE-2010-2236, upgrade to the latest patched version of Red Hat Satellite or associated products that address this vulnerability.
CVE-2010-2236 affects users of Red Hat Satellite, Network Proxy, and Spacewalk Java in the affected versions listed above.
An attacker exploiting CVE-2010-2236 can execute arbitrary code with the privileges of the Red Hat Network Satellite user.
CVE-2010-2236 represents an improper input sanitization vulnerability that allows for arbitrary code execution.