Multiple vulnerabilities in Red Hat Satellite Client



Published: 2023-10-23 | Updated: 2024-03-22
Risk: High
Patch available: Yes
Number of vulnerabilities: 5
CVE-ID: CVE-2022-1292, CVE-2022-2068, CVE-2022-41717, CVE-2023-39325, CVE-2023-44487
CWE-ID: CWE-78, CWE-770, CWE-400
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #3 is available. Vulnerability #5 is being exploited in the wild.
Vulnerable software
Red Hat Enterprise Linux for ARM 64
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server - Extended Life Cycle Support
Operating systems & Components / Operating system

Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Scientific Computing
Operating systems & Components / Operating system

Red Hat Enterprise Linux Desktop
Operating systems & Components / Operating system

Red Hat Enterprise Linux Workstation
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server
Operating systems & Components / Operating system

yggdrasil (Red Hat package)
Operating systems & Components / Operating system package or component

qpid-proton (Red Hat package)
Operating systems & Components / Operating system package or component

puppet-agent (Red Hat package)
Operating systems & Components / Operating system package or component

foreman_ygg_worker (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.


Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 8 - 9

Red Hat Enterprise Linux for Power, little endian: 7 - 9

Red Hat Enterprise Linux for IBM z Systems: 8 - 9

Red Hat Enterprise Linux Server - Extended Life Cycle Support: 6.0

Red Hat Enterprise Linux for x86_64: 8.0 - 9

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

yggdrasil (Red Hat package): before 0.2.3-1.el9sat

qpid-proton (Red Hat package): before 0.37.0-2.el9

puppet-agent (Red Hat package): before 7.26.0-3.el9sat

foreman_ygg_worker (Red Hat package): before 0.2.2-1.el9sat

External links

http://access.redhat.com/errata/RHSA-2023:5982


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) OS Command Injection

EUVDB-ID: #VU64559

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2068

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to an incomplete fix for #VU62765 (CVE-2022-1292).

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 8 - 9

Red Hat Enterprise Linux for Power, little endian: 7 - 9

Red Hat Enterprise Linux for IBM z Systems: 8 - 9

Red Hat Enterprise Linux Server - Extended Life Cycle Support: 6.0

Red Hat Enterprise Linux for x86_64: 8.0 - 9

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

yggdrasil (Red Hat package): before 0.2.3-1.el9sat

qpid-proton (Red Hat package): before 0.37.0-2.el9

puppet-agent (Red Hat package): before 7.26.0-3.el9sat

foreman_ygg_worker (Red Hat package): before 0.2.2-1.el9sat

External links

http://access.redhat.com/errata/RHSA-2023:5982


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU70334

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-41717

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections hold a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, the size of each entry is not, so an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 8 - 9

Red Hat Enterprise Linux for Power, little endian: 7 - 9

Red Hat Enterprise Linux for IBM z Systems: 8 - 9

Red Hat Enterprise Linux Server - Extended Life Cycle Support: 6.0

Red Hat Enterprise Linux for x86_64: 8.0 - 9

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

yggdrasil (Red Hat package): before 0.2.3-1.el9sat

qpid-proton (Red Hat package): before 0.37.0-2.el9

puppet-agent (Red Hat package): before 7.26.0-3.el9sat

foreman_ygg_worker (Red Hat package): before 0.2.2-1.el9sat

External links

http://access.redhat.com/errata/RHSA-2023:5982


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

4) Resource exhaustion

EUVDB-ID: #VU82064

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39325

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive consumption of internal resources when handling HTTP/2 requests. A remote attacker can bypass the http2.Server.MaxConcurrentStreams setting by creating new connections while the current connections are still being processed, triggering resource exhaustion and a denial of service (DoS) condition.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 8 - 9

Red Hat Enterprise Linux for Power, little endian: 7 - 9

Red Hat Enterprise Linux for IBM z Systems: 8 - 9

Red Hat Enterprise Linux Server - Extended Life Cycle Support: 6.0

Red Hat Enterprise Linux for x86_64: 8.0 - 9

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

yggdrasil (Red Hat package): before 0.2.3-1.el9sat

qpid-proton (Red Hat package): before 0.37.0-2.el9

puppet-agent (Red Hat package): before 7.26.0-3.el9sat

foreman_ygg_worker (Red Hat package): before 0.2.2-1.el9sat

External links

http://access.redhat.com/errata/RHSA-2023:5982


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource exhaustion

EUVDB-ID: #VU81728

Risk: High

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-44487

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper control over the consumption of internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".

Note: the vulnerability is being actively exploited in the wild.
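A defender-side check for the HEADERS-then-RST_STREAM pattern just described, added here as an example rather than code from Go, yggdrasil or any Red Hat package: it replays one connection's frames and reports the first frame at which the client has cancelled more of its own streams inside a sliding window than a policy allows, which is the signal a server or proxy can use to drop or rate-limit that connection. The frame type, the window and threshold values and the constructed burst are assumptions for illustration.

```go
package main

import "time"

// frame is a minimal stand-in for one HTTP/2 frame observed on a connection.
type frame struct {
	Type     string // "HEADERS" or "RST_STREAM"
	StreamID uint32
	At       time.Time
}

// firstAbusiveFrame replays one connection's frames and returns the index at which
// the client has reset more than maxResets of its own streams within window, or -1.
func firstAbusiveFrame(frames []frame, window time.Duration, maxResets int) int {
	open := map[uint32]bool{} // streams opened by HEADERS and not yet reset
	var resets []time.Time    // timestamps of counted resets still in the window
	for i, f := range frames {
		switch f.Type {
		case "HEADERS":
			open[f.StreamID] = true
		case "RST_STREAM":
			if open[f.StreamID] { // only resets of streams the client opened count
				delete(open, f.StreamID)
				resets = append(resets, f.At)
			}
		}
		for cut := f.At.Add(-window); len(resets) > 0 && resets[0].Before(cut); {
			resets = resets[1:] // evict resets that fell out of the window
		}
		if len(resets) > maxResets {
			return i
		}
	}
	return -1
}

// rapidResetBurst constructs n HEADERS/RST_STREAM pairs spaced gap apart; this is
// sample data, not a capture from an affected system.
func rapidResetBurst(n int, gap time.Duration) []frame {
	start, fs := time.Date(2023, 10, 23, 0, 0, 0, 0, time.UTC), []frame{}
	for i := 0; i < n; i++ {
		at, id := start.Add(time.Duration(i)*gap), uint32(2*i+1) // client streams are odd
		fs = append(fs, frame{"HEADERS", id, at}, frame{"RST_STREAM", id, at})
	}
	return fs
}

func main() {
	println(firstAbusiveFrame(rapidResetBurst(200, time.Millisecond), time.Second, 100)) // prints 201
}
```

The same 200 pairs spread 50 ms apart never hold more than 21 resets in a one-second window, so the detector does not trip; tune the window and threshold to the request rate a legitimate client of the service actually produces.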

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for ARM 64: 8 - 9

Red Hat Enterprise Linux for Power, little endian: 7 - 9

Red Hat Enterprise Linux for IBM z Systems: 8 - 9

Red Hat Enterprise Linux Server - Extended Life Cycle Support: 6.0

Red Hat Enterprise Linux for x86_64: 8.0 - 9

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

yggdrasil (Red Hat package): before 0.2.3-1.el9sat

qpid-proton (Red Hat package): before 0.37.0-2.el9

puppet-agent (Red Hat package): before 7.26.0-3.el9sat

foreman_ygg_worker (Red Hat package): before 0.2.2-1.el9sat

External links

http://access.redhat.com/errata/RHSA-2023:5982


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.