SB2019080913 - Multiple vulnerabilities in Red Hat Fuse

Published: August 9, 2019

Security Bulletin ID: SB2019080913
Severity: High
Patch available: YES
Number of vulnerabilities: 8
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 25%
Medium: 13%
Low: 63%

Description

This security bulletin contains information about 8 security vulnerabilities.


1) Missing authorization (CVE-ID: CVE-2018-1258)

The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists due to improper security restrictions when using Spring Security method security. A remote attacker can submit a specially crafted request, bypass authorization restrictions and gain unauthorized access to methods that should be restricted.

2) Security restrictions bypass (CVE-ID: CVE-2018-1320)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an unspecified flaw. A remote attacker can bypass the SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine whether the SASL handshake had completed successfully could be disabled in production settings, leaving the validation incomplete.


3) Improper access control (CVE-ID: CVE-2018-8088)

The vulnerability allows a remote unauthenticated attacker to bypass access restrictions on the target system.

The weakness exists in the org.slf4j.ext.EventData class due to improper security restrictions. A remote attacker can send specially crafted input, bypass access restrictions and gain unauthorized access to perform further attacks.

4) Privilege escalation (CVE-ID: CVE-2018-15758)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists in the OAuth2 component of Pivotal Software Spring Security OAuth due to improper security restrictions. A remote unauthenticated attacker can send a specially crafted request and modify a previously saved authorization request to gain elevated privileges.


5) Deserialization of Untrusted Data (CVE-ID: CVE-2019-0192)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the RMI server component. A remote non-authenticated attacker can configure the JMX server via an HTTP POST request to the Config API, make it point to a malicious RMI server and then execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


6) Deserialization of Untrusted Data (CVE-ID: CVE-2016-10750)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data passed via the JoinRequest. A remote attacker can send specially crafted data to the application and execute arbitrary Java code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Cross-site request forgery (CVE-ID: CVE-2018-10899)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, compromising the application.


8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-3805)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to insecure permissions for the /var/run/jboss-eap/ file, which allow any user with permission to run the init.d scripts to terminate an arbitrary process by modifying the PID stored in /var/run/jboss-eap/.
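The PID file problem in item 8 is a general pattern: a privileged stop script signals whatever PID a modifiable file names. The following init.d-style stop routine is an added example, not taken from the bulletin or from Red Hat's own scripts, that validates the PID file's type, owner, mode, contents and the target process before sending a signal; the owner uid default, the expected executable name and the file path are assumptions for illustration.

```shell
#!/bin/sh
# Added example: a stop routine that refuses to trust a PID file blindly.
# The default owner (uid 0), service name and PID file path are assumptions.

# Print the executable name (comm) of a live process, or nothing if it is gone.
proc_comm() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        ps -o comm= -p "$1" 2>/dev/null | sed 's/^[[:space:]]*//;s/[[:space:]]*$//'
    fi
}

# validate_pidfile FILE EXPECTED_COMM [OWNER_UID]
# Prints the PID and returns 0 only when every check passes.
validate_pidfile() {
    pidfile=$1; expected=$2; owner=${3:-0}
    # 1. Must be a regular file, not a symlink placed by an unprivileged user.
    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 1
    # 2. Owned by the expected uid and not writable by "others"
    #    (char 9 of the ls -l mode string is the others-write bit).
    info=$(ls -ldn "$pidfile") || return 1
    [ "$(printf '%s\n' "$info" | awk '{print $3}')" = "$owner" ] || return 1
    [ "$(printf '%s\n' "$info" | cut -c9)" != "w" ] || return 1
    # 3. Content must be a single positive integer greater than PID 1.
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    [ "$pid" -gt 1 ] || return 1
    # 4. The PID must belong to a live process running the expected binary,
    #    so a PID that was reused or rewritten cannot redirect the signal.
    [ "$(proc_comm "$pid")" = "$expected" ] || return 1
    printf '%s\n' "$pid"
}

# stop_service FILE EXPECTED_COMM [OWNER_UID]: signal only a validated PID.
stop_service() {
    pid=$(validate_pidfile "$@") || {
        echo "refusing to stop: PID file failed validation" >&2
        return 1
    }
    kill -TERM "$pid"
}
```

Under the checks above, rewriting the PID in the file or replacing the file with a world-writable copy makes the stop script fail closed instead of signalling the substituted process.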


Remediation

Install the update from the vendor's website.