Описание
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.
Отчет
On Red Hat Satellite 6.5, the Satellite 6.5 GA release includes a version of katello-installer-base that provides the fixes for this issue.
Меры по смягчению последствий
On Satellite Server follow the instructions below:
- Modify /etc/qpid/qpidd.conf to add this line: acl-file=qpid_acls.acl
- Create a new file: /var/lib/qpidd/.qpidd/qpid_acls.acl with content: acl allow katello_agent@QPID create queue acl allow katello_agent@QPID consume queue acl allow katello_agent@QPID access exchange acl allow katello_agent@QPID access queue acl allow katello_agent@QPID publish exchange routingkey=pulp.task acl allow katello_agent@QPID publish exchange name=qmf.default.direct acl allow katello_agent@QPID access method name=create acl deny-log katello_agent@QPID access method name=* acl deny-log katello_agent@QPID all all
allow anything else
acl allow all all
- As root, execute the command:
systemctl restart qpidd
- In /etc/qpid-dispatch/qdrouterd.conf modify the connector: connector { name: broker host: localhost port: 5671 sasl-mechanisms: PLAIN sasl-username: katello_agent sasl-password: katello_agent role: route-container ssl-profile: client idle-timeout-seconds: 0 }
- As root, execute the command:
systemctl restart qdrouterd
These ACLs will prevent clients to redirect or move messages to various queues which is the nature of the CVE. All other behavior will be unchanged (acl allow all all) which is the current baseline.
Дополнительная информация
Статус:
EPSS
8 High
CVSS3
Связанные уязвимости
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.
Уязвимость брокера QPID программного средства централизованного управления жизненным циклом программных продуктов Red Hat Satellite, позволяющая нарушителю получить доступ к методам QMF и выполнить произвольные команды в привилегированном режиме
EPSS
8 High
CVSS3