CVE-2013-4480: Does CVE-2013-4480 affect Red Hat Satellite 5.x? - Red Hat Customer Portal

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.


Issue

The flaw identified by CVE-2013-4480 (Red Hat Bugzilla 1024614) describes an issue where a user-supplied web query can result in an administrative user being added to the Satellite console. A remote, unprivileged user could use this flaw to gain administrative privileges to the Satellite console.

No public exploit is available; however, exploitation does not require specialized knowledge or tools.

Environment

  • Red Hat Satellite 5, all supported versions as well as older versions

Resolution

Updates to correct this issue are available below. Customers are advised to apply them now.

  • Red Hat Satellite 5.2
  • Red Hat Satellite 5.3 through 5.6

If updating is not possible, the /var/lib/tomcat[56]/webapps/rhn/WEB-INF/struts-config.xml file can be modified manually to include the two necessary checks.

Red Hat Satellite 5.4 and later

  1. In the struts-config.xml file, locate the “CreateFirstUserSubmit” section and add the following line after the <set-property property="postRequired" value="true" /> line:

    <set-property property="acls" value="need_first_user()"/>

The modified section should look as follows:

    <action path="/newlogin/CreateFirstUserSubmit"
        name="createSatelliteForm"
        scope="request"
        validate="false"
        input="/WEB-INF/pages/user/create/usercreate.jsp"
        type="com.redhat.rhn.frontend.action.user.CreateUserAction"
        className="com.redhat.rhn.frontend.struts.RhnActionMapping">
      <set-property property="postRequired" value="true" />
      <set-property property="acls" value="need_first_user()"/>
      <forward name="success_sat" path="/YourRhn.do"
               redirect="true"/>
      <forward name="fail-sat" path="/newlogin/CreateFirstUser.do"/>
    </action>
  2. In the struts-config.xml file, locate the “CreateSatelliteSubmit” section and add the following line after the <set-property property="postRequired" value="true" /> line:

    <set-property property="acls" value="user_role(org_admin)"/>

The modified section should look as follows:

    <action path="/newlogin/CreateSatelliteSubmit"
        name="createSatelliteForm"
        scope="request"
        validate="false"
        input="/WEB-INF/pages/user/create/usercreate.jsp"
        type="com.redhat.rhn.frontend.action.user.CreateUserAction"
        className="com.redhat.rhn.frontend.struts.RhnActionMapping">
      <set-property property="postRequired" value="true" />
      <set-property property="acls" value="user_role(org_admin)"/>
      <forward name="existorgsuccess" path="/users/ActiveList.do"
               redirect="true"/>
      <forward name="failure" path="/users/CreateUser.do"/>
    </action>
  3. The Satellite service must be restarted (“service rhn-satellite restart”) for the above changes to take effect.

Red Hat Satellite 5.3, 5.2, and earlier

  1. In the struts-config.xml file, locate the “CreateFirstUserSubmit” section and add the following lines after the type="com.redhat.rhn.frontend.action.user.CreateUserAction"> line:

    className="com.redhat.rhn.frontend.struts.RhnActionMapping">
    <set-property property="acls" value="need_first_user()"/>

Additionally, remove the ' > ' character from the end of the current type="com.redhat.rhn.frontend.action.user.CreateUserAction"> line.

The modified section should look as follows:

    <action path="/newlogin/CreateFirstUserSubmit"
        name="createSatelliteForm"
        scope="request"
        validate="false"
        input="/WEB-INF/pages/user/create/usercreate.jsp"
        type="com.redhat.rhn.frontend.action.user.CreateUserAction"
        className="com.redhat.rhn.frontend.struts.RhnActionMapping">
      <set-property property="acls" value="need_first_user()"/>
      <forward name="success_sat" path="/YourRhn.do"
               redirect="true"/>
      <forward name="fail-sat" path="/newlogin/CreateFirstUser.do"/>
    </action>
  2. In the struts-config.xml file, locate the “CreateSatelliteSubmit” section and add the following lines after the type="com.redhat.rhn.frontend.action.user.CreateUserAction"> line:

    className="com.redhat.rhn.frontend.struts.RhnActionMapping">
    <set-property property="acls" value="user_role(org_admin)"/>

Additionally, remove the ' > ' character from the end of the current type="com.redhat.rhn.frontend.action.user.CreateUserAction"> line.

The modified section should look as follows:

    <action path="/newlogin/CreateSatelliteSubmit"
        name="createSatelliteForm"
        scope="request"
        validate="false"
        input="/WEB-INF/pages/user/create/usercreate.jsp"
        type="com.redhat.rhn.frontend.action.user.CreateUserAction"
        className="com.redhat.rhn.frontend.struts.RhnActionMapping">
      <set-property property="acls" value="user_role(org_admin)"/>
      <forward name="existorgsuccess" path="/users/ActiveList.do"
               redirect="true"/>
      <forward name="failure" path="/users/CreateUser.do"/>
    </action>
  3. The Satellite service must be restarted (“service rhn-satellite restart”) for the above changes to take effect.
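As an added verification check (not part of the Red Hat article), the following Python script parses a struts-config.xml and reports which of the two affected action mappings still lack the acls set-property described above; the wrapper elements and trimmed attributes in the constructed sample are assumptions.

```python
"""Check a Satellite struts-config.xml for the CVE-2013-4480 ACL entries.

Added verification script, not part of the Red Hat advisory: it parses the
Struts action mappings and reports which of the two affected actions still
lack the acls set-property the advisory adds. Wrapper elements are assumed.
"""
import sys
import xml.etree.ElementTree as ET

# Action path -> ACL expression the advisory requires on that mapping.
REQUIRED_ACLS = {
    "/newlogin/CreateFirstUserSubmit": "need_first_user()",
    "/newlogin/CreateSatelliteSubmit": "user_role(org_admin)",
}

def find_missing_acls(xml_text):
    """Return {action_path: required_acl} for affected mappings lacking it."""
    root = ET.fromstring(xml_text)
    missing = dict(REQUIRED_ACLS)  # an absent mapping is reported as well
    for action in root.iter("action"):
        path = action.get("path")
        if path in REQUIRED_ACLS:
            acls = [sp.get("value") for sp in action.findall("set-property")
                    if sp.get("property") == "acls"]
            if REQUIRED_ACLS[path] in acls:  # exact expression present
                missing.pop(path, None)
    return missing

# Constructed sample: first mapping patched, second still unprotected.
SAMPLE_CONFIG = """<struts-config><action-mappings>
  <action path="/newlogin/CreateFirstUserSubmit" name="createSatelliteForm"
      className="com.redhat.rhn.frontend.struts.RhnActionMapping">
    <set-property property="postRequired" value="true" />
    <set-property property="acls" value="need_first_user()"/>
  </action>
  <action path="/newlogin/CreateSatelliteSubmit" name="createSatelliteForm"
      className="com.redhat.rhn.frontend.struts.RhnActionMapping">
    <set-property property="postRequired" value="true" />
  </action>
</action-mappings></struts-config>"""

if __name__ == "__main__":
    # Pass the real file as argv[1]; with no argument the sample is checked.
    src = sys.argv[1] if len(sys.argv) > 1 else None
    xml_text = open(src, "rb").read() if src else SAMPLE_CONFIG
    result = find_missing_acls(xml_text)
    for action_path, acl in result.items():
        print(f"MISSING: {action_path} lacks acls={acl!r}")
    sys.exit(1 if result else 0)
```

Run it against /var/lib/tomcat[56]/webapps/rhn/WEB-INF/struts-config.xml after editing; a non-zero exit means at least one of the two mappings is still unprotected.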
