Description
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
Pulp makes unsafe use of Bash's $RANDOM to generate an NSS DB password and seed, resulting in insufficient randomness. An attacker could potentially guess the seed used given enough time and compute resources.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| RHUI for RHEL 6 | pulp | Not affected | | |
| Red Hat Satellite 6.3 for RHEL 7 | candlepin | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-discovery-image | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-installer | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-proxy | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-selinux | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | hiera | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | katello | Fixed | RHSA-2018:0336 | 21.02.2018 |
Additional information
Status: Moderate
Defect: CWE-330
https://bugzilla.redhat.com/show_bug.cgi?id=1330264 pulp: Unsafe use of bash $RANDOM for NSS DB password and seed
EPSS: 0.00543 (Low), percentile: 67%
CVSS3: 5.6 Medium
CVSS2: 4.6 Medium
Related vulnerabilities
CVSS3: 7.5
nvd
more than 8 years ago
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
CVSS3: 7.5
github
more than 3 years ago
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.