CVE-2010-2236: Input Validation
First published: Thu Jun 24 2010(Updated: )
An improper input sanitization flaw was found in the way Red Hat Network Satellite performed management of monitoring probes. A remote, authenticated attacker, with the privilege to administer monitoring probes, could execute arbitrary code with the privileges of the user, the Red Hat Network Satellite monitoring service is running under, by providing a specially-crafted values for certain options of the monitoring probe display. References: For further information about Red Hat Network Satellite monitoring entitlements and management of monitoring probes, please refer to the reference guide of your Red Hat Network Satellite installation.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Spacewalk | <=2.1.147-1 | |
| Red Hat Network Proxy | =5.3 | |
| Red Hat Satellite | =5.3 | |
| Red Hat Satellite | =5.2 | |
| Red Hat Satellite | =5.1 | |
| Red Hat Satellite | =4.2 | |
| Red Hat Satellite | =4.1 | |
| Red Hat Satellite | =4.0 |
Remedy
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
Remedy
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff
- http://secunia.com/advisories/56952
- https://bugzilla.redhat.com/show_bug.cgi?id=607712
- https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9
- https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
- https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html
- https://www.cve.org/CVERecord?id=CVE-2010-2236 https://nvd.nist.gov/vuln/detail/CVE-2010-2236
- https://access.redhat.com/security/cve/CVE-2010-2236
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=819987&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=819987&action=edit
- https://access.redhat.com/site/support/policy/updates/satellite
Frequently Asked Questions
What is the severity of CVE-2010-2236?
CVE-2010-2236 has been classified as having a moderate severity due to the potential for remote code execution by authenticated attackers.
How do I fix CVE-2010-2236?
To remediate CVE-2010-2236, upgrade to the latest patched version of Red Hat Satellite or associated products that address this vulnerability.
Who is affected by CVE-2010-2236?
CVE-2010-2236 affects users of Red Hat Satellite, Network Proxy, and Spacewalk Java, specifically in the specified vulnerable versions.
What action can an attacker perform due to CVE-2010-2236?
An attacker exploiting CVE-2010-2236 can execute arbitrary code with the privileges of the Red Hat Network Satellite user.
What type of vulnerability is CVE-2010-2236?
CVE-2010-2236 represents an improper input sanitization vulnerability that allows for arbitrary code execution.
- collector/redhat-cve
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2236
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/redhat
- canonical/red hat spacewalk
- version/red hat spacewalk/2.1.147-1
- canonical/red hat network proxy
- version/red hat network proxy/5.3
- canonical/red hat satellite
- version/red hat satellite/5.3
- version/red hat satellite/5.2
- version/red hat satellite/5.1
- version/red hat satellite/4.2
- version/red hat satellite/4.1
- version/red hat satellite/4.0