A vulnerability was found in Red Hat Satellite 6.4. It has been classified as problematic. This affects an unknown function of the component Candlepin. The manipulation with an unknown input leads to a privilege escalation vulnerability (Log). CWE is classifying the issue as CWE-255. This is going to have an impact on confidentiality. The summary by CVE is:

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.

The bug was discovered 04/12/2019. The weakness was presented 04/15/2019 as not defined bug report (Bugzilla). The advisory is shared at bugzilla.redhat.com. This vulnerability is uniquely identified as CVE-2019-3891 since 01/03/2019. An attack has to be approached locally. The successful exploitation requires a authentication. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 05/29/2020).

The vulnerability was handled as a non-public zero-day exploit for at least 3 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfoedit

Vendor

• Red Hat

Name

• Satellite

CPE 2.3infoedit

• 🔍

CPE 2.2infoedit

• 🔍

CVSSv3infoedit

CVSSv2infoedit

Exploitinginfoedit

Threat Intelligenceinfoedit

Countermeasuresinfoedit

Timelineinfoedit

Sourcesinfoedit

Entryinfoedit

Comments