Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Summary
Title: Red Hat Enterprise MRG Grid 2.2 security update
Information
Name: RHSA-2012:1281
First vendor Publication: 2012-09-19
Vendor: RedHat
Last vendor Modification: 2012-09-19
Severity (Vendor): Moderate
Revision: 01

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Attack Range: Network
Cvss Impact Score: 6.4
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Problem Description:

Updated Grid component packages that fix several security issues, add various enhancements and fix multiple bugs are now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2 - noarch, x86_64
MRG Grid Execute Node for RHEL 6 Server v.2 - i386, noarch, x86_64
MRG Grid for RHEL 6 Server v.2 - i386, noarch, x86_64
MRG Management for RHEL 6 ComputeNode v.2 - x86_64
MRG Management for RHEL 6 Server v.2 - i386, noarch, x86_64
Red Hat MRG Messaging for RHEL 6 Server v.2 - i386, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

A number of unprotected resources (web pages, export functionality, image viewing) were found in Cumin. An unauthenticated user could bypass intended access restrictions, resulting in information disclosure. (CVE-2012-2680)

Cumin could generate weak session keys, potentially allowing remote attackers to predict session keys and obtain unauthorized access to Cumin. (CVE-2012-2681)

Multiple cross-site scripting flaws in Cumin could allow remote attackers to inject arbitrary web script on a web page displayed by Cumin. (CVE-2012-2683)

An SQL injection flaw in Cumin could allow remote attackers to manipulate the contents of the back-end database via a specially-crafted URL. (CVE-2012-2684)

When Cumin handled image requests, clients could request images of arbitrary sizes. This could result in large memory allocations on the Cumin server, leading to an out-of-memory condition. (CVE-2012-2685)

Cumin did not protect against Cross-Site Request Forgery attacks. If an attacker could trick a user, who was logged into the Cumin web interface, into visiting a specially-crafted web page, it could lead to unauthorized command execution in the Cumin web interface with the privileges of the logged-in user. (CVE-2012-2734)

A session fixation flaw was found in Cumin. An authenticated user able to pre-set the Cumin session cookie in a victim's browser could possibly use this flaw to steal the victim's session after they log into Cumin. (CVE-2012-2735)

It was found that authenticated users could send a specially-crafted HTTP POST request to Cumin that would cause it to submit a job attribute change to Condor. This could be used to change internal Condor attributes, including the Owner attribute, which could allow Cumin users to elevate their privileges. (CVE-2012-3459)

It was discovered that Condor's file system authentication challenge accepted directories with weak permissions (for example, world readable, writable and executable permissions). If a user created a directory with such permissions, a local attacker could rename it, allowing them to execute jobs with the privileges of the victim user. (CVE-2012-3492)
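The permission check that CVE-2012-3492 describes as missing can be sketched as follows. This is an added example, not Condor's code: the function names, the scratch path under /tmp, and the rule of rejecting any group or other permission bit are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not Condor's code): accept an FS-authentication
 * challenge directory only if it is a real directory (not a symlink),
 * owned by the claimed user, and closed to group and others. */
int challenge_dir_ok(const char *path, uid_t claimed_uid)
{
    struct stat st;

    if (lstat(path, &st) != 0)            /* lstat: never follow symlinks */
        return 0;
    if (!S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != claimed_uid)         /* ownership is the identity proof */
        return 0;
    if (st.st_mode & (S_IRWXG | S_IRWXO)) /* 0777, 0755, ...: reject */
        return 0;
    return 1;
}

/* Constructed demo: create a scratch directory with the given mode,
 * check it against the current user, clean up, return the verdict. */
int demo_check(mode_t mode)
{
    char tmpl[] = "/tmp/fsauth_demo_XXXXXX";
    int ok;

    if (mkdtemp(tmpl) == NULL)
        return -1;
    if (chmod(tmpl, mode) != 0) {
        rmdir(tmpl);
        return -1;
    }
    ok = challenge_dir_ok(tmpl, getuid());
    rmdir(tmpl);
    return ok;
}

int main(void)
{
    printf("0777 -> %d\n", demo_check(0777));
    printf("0700 -> %d\n", demo_check(0700));
    return 0;
}
```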

It was discovered that Condor exposed private information in the data in the ClassAds format served by condor_startd. An unauthenticated user able to connect to condor_startd's port could request a ClassAd for a running job, provided they could guess or brute-force the PID of the job. This could expose the ClaimId which, if obtained, could be used to control the job as well as start new jobs on the system. (CVE-2012-3493)

It was discovered that the ability to abort a job in Condor only required WRITE authorization, instead of a combination of WRITE authorization and job ownership. This could allow an authenticated attacker to bypass intended restrictions and abort any idle job on the system. (CVE-2012-3491)

The above issues were discovered by Florian Weimer of the Red Hat Product Security Team.

This update also provides defense in depth patches for Condor. (BZ#848212, BZ#835592, BZ#841173, BZ#843476)

These updated packages for Red Hat Enterprise Linux 6 provide numerous enhancements and bug fixes for the Grid component of MRG. Some highlights include:

* Integration with Red Hat Enterprise Virtualization Manager via Deltacloud
* Role enforcement in Cumin
* Cumin authentication integration with LDAP
* Enhanced Red Hat HA integration managing multiple-schedulers nodes
* Generic local resource limits for partitionable slots
* Concurrency limit groups

Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise MRG 2 Technical Notes document, linked to in the References section, for information on these changes.

4. Solution:

All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised to upgrade to these updated packages, which resolve the issues and add the enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor and Cumin must be restarted for this update to take effect.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

827558 - CVE-2012-2681 cumin: weak session keys
828434 - Grid 2.2 for EL6
829421 - CVE-2012-2680 cumin: authentication bypass flaws
830243 - CVE-2012-2683 cumin: multiple XSS flaws
830245 - CVE-2012-2684 cumin: SQL injection flaw
830248 - CVE-2012-2685 cumin: DoS via large image requests
832124 - CVE-2012-2734 cumin: CSRF flaw
832151 - CVE-2012-2735 cumin: session fixation flaw
846501 - CVE-2012-3459 cumin: allows for editing internal Condor job attributes
848212 - CVE-2012-3490 condor: does not check return value of setuid and similar calls, exploitable via VMware support
848214 - CVE-2012-3491 condor: local users can abort any idle jobs
848218 - CVE-2012-3492 condor: lock directories created mode 0777 allow for FS-based authentication challenge bypass
848222 - CVE-2012-3493 condor: GIVE_REQUEST_AD leaks privileged ClaimId information

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2012-1281.html

CWE : Common Weakness Enumeration

% Id Name
30 % CWE-264 Permissions, Privileges, and Access Controls
10 % CWE-399 Resource Management Errors
10 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
10 % CWE-310 Cryptographic Issues
10 % CWE-287 Improper Authentication
10 % CWE-200 Information Exposure
10 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
10 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 14
Application 19
Os 1

OpenVAS Exploits

Date Description
2012-11-23 Name : Fedora Update for cumin FEDORA-2012-17854
File : nvt/gb_fedora_2012_17854_cumin_fc16.nasl
2012-11-23 Name : Fedora Update for cumin FEDORA-2012-17863
File : nvt/gb_fedora_2012_17863_cumin_fc17.nasl

Nessus® Vulnerability Scanner

Date Description
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1278.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1281.nasl - Type : ACT_GATHER_INFO
2013-03-14 Name : The remote Fedora host is missing a security update.
File : fedora_2012-17834.nasl - Type : ACT_GATHER_INFO
2012-11-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-17854.nasl - Type : ACT_GATHER_INFO
2012-11-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-17863.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2014-07-23 13:25:10
  • Multiple Updates