Description
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
It was found that the Apache Qpid daemon (qpidd) treated AMQP connections with the federation_tag attribute set as a broker-to-broker connection, rather than a client-to-server connection. This resulted in the source user ID of messages not being checked. A client that can establish an AMQP connection with the broker could use this flaw to bypass intended authentication. For Condor users, if condor-aviary is installed, this flaw could be used to submit jobs that would run as any user (except root, as Condor does not run jobs as root).
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | qpid-cpp | Affected | | |
| MRG for RHEL-5 v. 2 | cumin-messaging | Fixed | RHSA-2013:0561 | 06.03.2013 |
| MRG for RHEL-5 v. 2 | mrg-release | Fixed | RHSA-2013:0561 | 06.03.2013 |
| MRG for RHEL-5 v. 2 | python-qpid | Fixed | RHSA-2013:0561 | 06.03.2013 |
| MRG for RHEL-5 v. 2 | qpid-cpp-mrg | Fixed | RHSA-2013:0561 | 06.03.2013 |
| MRG for RHEL-5 v. 2 | qpid-java | Fixed | RHSA-2013:0561 | 06.03.2013 |
| MRG for RHEL-5 v. 2 | qpid-jca | Fixed | RHSA-2013:0561 | 06.03.2013 |
| MRG for RHEL-5 v. 2 | qpid-qmf | Fixed | RHSA-2013:0561 | 06.03.2013 |
| MRG for RHEL-5 v. 2 | qpid-tests | Fixed | RHSA-2013:0561 | 06.03.2013 |
| MRG for RHEL-5 v. 2 | qpid-tools | Fixed | RHSA-2013:0561 | 06.03.2013 |
Additional information
Status:
EPSS
5.8 Medium
CVSS2
Related vulnerabilities