rhsa-2013_1206
Vulnerability from csaf_redhat
Published
2013-09-04 18:07
Modified
2024-11-22 07:04
Summary
Red Hat Security Advisory: Red Hat CloudForms Management Engine security update
Notes
Topic
The RHSA-2013:1157 update for Red Hat CloudForms Management Engine included
an additional fix that was not documented in the erratum.
The Red Hat Security Response Team has rated this update as having
critical security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
Red Hat CloudForms Management Engine provides the insight, control, and
automation needed to address the challenges of managing virtual
environments.
Multiple directory traversal flaws were found in Red Hat CloudForms
Management Engine. A remote, unauthenticated attacker could use these flaws
to upload arbitrary code, and have that code executed with root privileges
on Red Hat CloudForms Management Engine. (CVE-2013-2068)
This issue was discovered by Ramon de C Valle of the Red Hat Product
Security Team.
Note: This issue was already addressed in the fixpack released as part of
RHSA-2013:1157, however it was not documented and therefore the erratum was
incorrectly rated as having important security impact. No new packages are
available in this erratum; please install the fixpack as noted in
RHSA-2013:1157.
Refer to the Solution section of this erratum for installation
instructions.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The RHSA-2013:1157 update for Red Hat CloudForms Management Engine included\nan additional fix that was not documented in the erratum.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat CloudForms Management Engine provides the insight, control, and\nautomation needed to address the challenges of managing virtual\nenvironments.\n\nMultiple directory traversal flaws were found in Red Hat CloudForms\nManagement Engine. A remote, unauthenticated attacker could use these flaws\nto upload arbitrary code, and have that code executed with root privileges\non Red Hat CloudForms Management Engine. (CVE-2013-2068)\n\nThis issue was discovered by Ramon de C Valle of the Red Hat Product\nSecurity Team.\n\nNote: This issue was already addressed in the fixpack released as part of\nRHSA-2013:1157, however it was not documented and therefore the erratum was\nincorrectly rated as having important security impact. No new packages are\navailable in this erratum; please install the fixpack as noted in\nRHSA-2013:1157.\n\nRefer to the Solution section of this erratum for installation\ninstructions.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1206",
"url": "https://access.redhat.com/errata/RHSA-2013:1206"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/articles/450563",
"url": "https://access.redhat.com/site/articles/450563"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/CloudForms/2.0/html/Management_Engine_5.1_Technical_Notes/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/CloudForms/2.0/html/Management_Engine_5.1_Technical_Notes/index.html"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHSA-2013-1157.html",
"url": "https://rhn.redhat.com/errata/RHSA-2013-1157.html"
},
{
"category": "external",
"summary": "960422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=960422"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1206.json"
}
],
"title": "Red Hat Security Advisory: Red Hat CloudForms Management Engine security update",
"tracking": {
"current_release_date": "2024-11-22T07:04:49+00:00",
"generator": {
"date": "2024-11-22T07:04:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:1206",
"initial_release_date": "2013-09-04T18:07:00+00:00",
"revision_history": [
{
"date": "2013-09-04T18:07:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-09-12T09:06:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T07:04:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat CloudForms 2.0",
"product": {
"name": "Red Hat CloudForms 2.0",
"product_id": "Red Hat CloudForms 2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cloudforms:2.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat CloudForms"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ramon de C Valle"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-2068",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2013-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "960422"
}
],
"notes": [
{
"category": "description",
"text": "Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cfme: CFME 2.0 multiple zip file upload path traversal vulnerabilities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat CloudForms 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2068"
},
{
"category": "external",
"summary": "RHBZ#960422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=960422"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2068"
}
],
"release_date": "2013-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-09-04T18:07:00+00:00",
"details": "The update is provided in a fixpack, available from:\n\nhttps://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=17971\n\nTo install the fixpack, follow the instructions in the following Red Hat\nKnowledge Base article:\n\nhttps://access.redhat.com/site/articles/450563",
"product_ids": [
"Red Hat CloudForms 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1206"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"Red Hat CloudForms 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "cfme: CFME 2.0 multiple zip file upload path traversal vulnerabilities"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.