SB2024021549 - Multiple vulnerabilities in Red Hat Satellite 6.14

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024021549

SB2024021549 - Multiple vulnerabilities in Red Hat Satellite 6.14

Published: February 15, 2024 Updated: February 21, 2025

Security Bulletin ID SB2024021549
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 10% Medium 70% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2023-26049)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient input validation when parsing cookies. A remote attacker can send a specially crafted HTTP request with a cookie value that starts with a double quote and force the application to read the cookie string until it sees a closing quote. Such behavior can be used to exfiltrate sensitive values from other cookies.


2) Insufficient verification of data authenticity (CVE-ID: CVE-2023-26141)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient checks in the dashboard-charts.js file. A remote user can manipulate the localStorage value which will cause excessive polling requests.


3) Input validation error (CVE-ID: CVE-2023-36479)

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in org.eclipse.jetty.servlets.CGI Servlet when quoting a command before its execution. A remote user can force the application to execute arbitrary file on the server and potentially compromise the system.


4) Heap-based buffer overflow (CVE-ID: CVE-2023-38545)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the SOCKS5 proxy handshake. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that SOCKS5 proxy is used and that SOCKS5 handshake is slow (e.g. under heavy load or DoS attack).


5) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-40167)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when handling the "+" character passed via the HTTP/1 header field. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


6) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-40175)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when parsing chunked transfer encoding bodies and zero-length Content-Length headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


7) Resource exhaustion (CVE-ID: CVE-2023-4785)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to lack of error handling in the TCP server in Google's gRPC. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack by initiating a significant number of connections with the server.


8) Resource exhaustion (CVE-ID: CVE-2023-0809)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send malicious initial packets that are not CONNECT packets, trigger memory exhaustion and perform a denial of service (DoS) attack.


9) Memory leak (CVE-ID: CVE-2023-28366)

The vulnerability allows a remote user to perform DoS attack on the target system.

The vulnerability exists due memory leak in broker. A remote client can send multiple QoS 2 messages with the same message ID, but then never respond to the PUBREC commands, which results in memory leak and denial of service condition.


10) Memory leak (CVE-ID: CVE-2023-3592)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when processing v5 CONNECT packets. A remote attacker can force the application to leak memory by sending messages with invalid property types.


Remediation

Install update from vendor's website.

References