CVE-2010-2236: Input Validation
First published: Thu Jun 24 2010(Updated: )
An improper input sanitization flaw was found in the way Red Hat Network Satellite performed management of monitoring probes. A remote, authenticated attacker, with the privilege to administer monitoring probes, could execute arbitrary code with the privileges of the user, the Red Hat Network Satellite monitoring service is running under, by providing a specially-crafted values for certain options of the monitoring probe display. References: For further information about Red Hat Network Satellite monitoring entitlements and management of monitoring probes, please refer to the reference guide of your Red Hat Network Satellite installation.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Spacewalk-java | <=2.1.147-1 | |
| Redhat Network Proxy | =5.3 | |
| Redhat Satellite | =5.3 | |
| Redhat Satellite | =5.2 | |
| Redhat Satellite | =5.1 | |
| Redhat Satellite | =4.2 | |
| Redhat Satellite | =4.1 | |
| Redhat Satellite | =4.0 |
Remedy
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
Remedy
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff
- http://secunia.com/advisories/56952
- https://bugzilla.redhat.com/show_bug.cgi?id=607712
- https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9
- https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
- https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html
- https://www.cve.org/CVERecord?id=CVE-2010-2236 https://nvd.nist.gov/vuln/detail/CVE-2010-2236
- https://access.redhat.com/security/cve/CVE-2010-2236
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=819987&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=819987&action=edit
- https://access.redhat.com/site/support/policy/updates/satellite
- collector/nvd-historical
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2236
- vendor/redhat
- canonical/redhat spacewalk-java
- version/redhat spacewalk-java/2.1.147-1
- canonical/redhat network proxy
- version/redhat network proxy/5.3
- canonical/redhat satellite
- version/redhat satellite/5.3
- version/redhat satellite/5.2
- version/redhat satellite/5.1
- version/redhat satellite/4.2
- version/redhat satellite/4.1
- version/redhat satellite/4.0