SUSE update for Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server

1) Resource exhaustion

EUVDB-ID: #VU88173

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-51775

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion via large p2c (aka PBES2 Count) value and perform a denial of service (DoS) attack.

Mitigation

Update the affected package Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server to the latest version.

Vulnerable software versions

SUSE Manager Proxy Module: 4.3

SUSE Manager Server Module: 4.3

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

susemanager-tools: before 4.3.35-150400.3.48.6

inter-server-sync: before 0.3.3-150400.3.30.4

inter-server-sync-debuginfo: before 0.3.3-150400.3.30.4

susemanager: before 4.3.35-150400.3.48.6

smdba: before 1.7.13-0.150400.4.12.4

spacewalk-config: before 4.3.13-150400.3.15.5

spacewalk-backend-server: before 4.3.28-150400.3.41.7

spacewalk-backend-tools: before 4.3.28-150400.3.41.7

spacewalk-html: before 4.3.38-150400.3.42.6

susemanager-sls: before 4.3.41-150400.3.47.6

uyuni-config-modules: before 4.3.41-150400.3.47.6

spacewalk-backend-app: before 4.3.28-150400.3.41.7

spacewalk-backend-applet: before 4.3.28-150400.3.41.7

spacewalk-backend-config-files: before 4.3.28-150400.3.41.7

cobbler: before 3.3.3-150400.5.42.5

susemanager-sync-data: before 4.3.17-150400.3.25.4

spacewalk-backend-iss: before 4.3.28-150400.3.41.7

spacewalk-backend-xml-export-libs: before 4.3.28-150400.3.41.7

uyuni-reportdb-schema: before 4.3.10-150400.3.15.6

susemanager-schema-utility: before 4.3.25-150400.3.39.5

subscription-matcher: before 0.37-150400.3.22.4

spacewalk-java-postgresql: before 4.3.73-150400.3.79.1

image-sync-formula: before 0.1.1711646883.4a44375-150400.3.18.4

spacewalk-java-config: before 4.3.73-150400.3.79.1

supportutils-plugin-susemanager: before 4.3.11-150400.3.21.4

spacewalk-backend-config-files-common: before 4.3.28-150400.3.41.7

susemanager-schema: before 4.3.25-150400.3.39.5

spacewalk-backend-config-files-tool: before 4.3.28-150400.3.41.7

jose4j: before 0.5.1-150400.3.9.4

susemanager-docs_en-pdf: before 4.3-150400.9.56.4

spacewalk-backend-sql-postgresql: before 4.3.28-150400.3.41.7

spacewalk-backend-sql: before 4.3.28-150400.3.41.7

spacewalk-taskomatic: before 4.3.73-150400.3.79.1

spacewalk-base: before 4.3.38-150400.3.42.6

spacewalk-backend-xmlrpc: before 4.3.28-150400.3.41.7

spacewalk-backend-iss-export: before 4.3.28-150400.3.41.7

spacewalk-java: before 4.3.73-150400.3.79.1

spacewalk-backend-package-push-server: before 4.3.28-150400.3.41.7

susemanager-docs_en: before 4.3-150400.9.56.4

spacewalk-java-lib: before 4.3.73-150400.3.79.1

python3-uyuni-common-libs: before 4.3.10-150400.3.18.4

spacewalk-base-minimal-config: before 4.3.38-150400.3.42.6

spacewalk-check: before 4.3.19-150400.3.27.5

python3-spacewalk-check: before 4.3.19-150400.3.27.5

spacewalk-client-tools: before 4.3.19-150400.3.27.5

spacewalk-client-setup: before 4.3.19-150400.3.27.5

spacewalk-certs-tools: before 4.3.23-150400.3.28.5

spacecmd: before 4.3.27-150400.3.36.5

spacewalk-backend: before 4.3.28-150400.3.41.7

mgr-daemon: before 4.3.9-150400.3.15.5

python3-spacewalk-client-tools: before 4.3.19-150400.3.27.5

python3-spacewalk-client-setup: before 4.3.19-150400.3.27.5

python3-spacewalk-certs-tools: before 4.3.23-150400.3.28.5

spacewalk-base-minimal: before 4.3.38-150400.3.42.6

CPE2.3

• cpe:2.3:o:suse:suse_manager_proxy_module:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_server_module:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_retail_branch_server:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_server:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_proxy:4.3:*:*:*:*:*:*:*
• cpe:2.3:a:suse:susemanager-tools:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:inter-server-sync:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:inter-server-sync-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:susemanager:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:smdba:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-config:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-server:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-tools:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-html:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:susemanager-sls:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:uyuni-config-modules:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-app:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-applet:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-config-files:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:cobbler:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:susemanager-sync-data:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-iss:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-xml-export-libs:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:uyuni-reportdb-schema:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:susemanager-schema-utility:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:subscription-matcher:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-java-postgresql:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:image-sync-formula:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-java-config:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:supportutils-plugin-susemanager:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-config-files-common:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:susemanager-schema:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-config-files-tool:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:jose4j:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:susemanager-docs_en-pdf:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-sql-postgresql:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-sql:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-taskomatic:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-base:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-xmlrpc:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-iss-export:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-java:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend-package-push-server:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:susemanager-docs_en:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-java-lib:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:python3-uyuni-common-libs:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-base-minimal-config:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-check:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:python3-spacewalk-check:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-client-setup:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-certs-tools:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacecmd:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-backend:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:mgr-daemon:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:python3-spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:python3-spacewalk-client-setup:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:python3-spacewalk-certs-tools:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:spacewalk-base-minimal:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20241507-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.