Bug 850930 (CVE-2010-2236) - VUL-1: CVE-2010-2236: spacewalk (-proxy): Improper monitoring probes input sanitization (ACE)
Status: RESOLVED FIXED
Alias: CVE-2010-2236
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Normal
Target Milestone: ---
Deadline: 2014-01-31
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp2:55953
Keywords:
Depends on:
Blocks:
 
Reported: 2013-11-18 15:58 UTC by Thomas Biege
Modified: 2014-02-11 18:06 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Comment 1 Swamp Workflow Management 2013-11-18 23:00:35 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2014-01-17 12:37:08 UTC
The SWAMPID for this issue is 55894.
This issue was rated as moderate.
Please submit fixed packages until 2014-01-31.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 7 Marcus Meissner 2014-02-11 12:28:32 UTC
released and public

https://bugzilla.redhat.com/show_bug.cgi?id=607712

An improper input sanitization flaw was found in the way Red Hat Network
Satellite performed management of monitoring probes. A remote, authenticated
attacker, with the privilege to administer monitoring probes, could execute
arbitrary code with the privileges of the user the Red Hat Network Satellite
monitoring service is running under, by providing specially-crafted values
for certain options of the monitoring probe display.

References:
  For further information about Red Hat Network Satellite monitoring
entitlements and management of monitoring probes, please refer to the
reference guide of your Red Hat Network Satellite installation.
Comment 8 Swamp Workflow Management 2014-02-11 14:55:58 UTC
Update released for: spacewalk-backend, spacewalk-backend-app, spacewalk-backend-applet, spacewalk-backend-config-files, spacewalk-backend-config-files-common, spacewalk-backend-config-files-tool, spacewalk-backend-iss, spacewalk-backend-iss-export, spacewalk-backend-libs, spacewalk-backend-package-push-server, spacewalk-backend-server, spacewalk-backend-sql, spacewalk-backend-sql-oracle, spacewalk-backend-sql-postgresql, spacewalk-backend-tools, spacewalk-backend-xml-export-libs, spacewalk-backend-xmlrpc, spacewalk-backend-xp, spacewalk-base, spacewalk-base-minimal, spacewalk-branding, spacewalk-certs-tools, spacewalk-dobby, spacewalk-grail, spacewalk-html, spacewalk-java, spacewalk-java-config, spacewalk-java-lib, spacewalk-java-oracle, spacewalk-java-postgresql, spacewalk-java-tests, spacewalk-pxt, spacewalk-search, spacewalk-sniglets, spacewalk-taskomatic, spacewalk-utils, spacewalk-web, susemanager, susemanager-tools
Products:
SUSE-MANAGER 1.7 (x86_64)
Comment 9 Swamp Workflow Management 2014-02-11 18:06:30 UTC
SUSE-SU-2014:0222-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 834415,846356,850925,850927,850928,850929,850930,853913,854090,858197,858652
CVE References: CVE-2010-2236,CVE-2012-6149,CVE-2013-1869,CVE-2013-1871,CVE-2013-4415
Sources used:
SUSE Manager 1.7 for SLE 11 SP2 (src):    spacewalk-backend-1.7.38.31-0.5.1, spacewalk-branding-1.7.1.11-0.5.1, spacewalk-certs-tools-1.7.3.11-0.5.1, spacewalk-java-1.7.54.30-0.5.1, spacewalk-search-1.7.3.12-0.5.1, spacewalk-utils-1.7.15.12-0.5.3, spacewalk-web-1.7.28.20-0.5.1, susemanager-1.7.27-0.5.2