Vulnerabilities > CVE-2012-6137 - Credentials Management vulnerability in Redhat products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0788.NASL description Updated subscription-manager packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform. It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server last seen 2020-06-01 modified 2020-06-02 plugin id 66331 published 2013-05-07 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66331 title RHEL 5 / 6 : subscription-manager (RHSA-2013:0788) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0788. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(66331); script_version("1.13"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2012-6137"); script_xref(name:"RHSA", value:"2013:0788"); script_name(english:"RHEL 5 / 6 : subscription-manager (RHSA-2013:0788)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated subscription-manager packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform. It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server's X.509 certificate when migrating system profiles registered with Red Hat Network Classic to Certificate-based Red Hat Network. An attacker could use this flaw to conduct man-in-the-middle attacks, allowing them to obtain the user's Red Hat Network credentials. (CVE-2012-6137) This issue was discovered by Florian Weimer of the Red Hat Product Security Team. All users of subscription-manager are advised to upgrade to these updated packages, which contain a backported patch to fix this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0788" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-6137" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subscription-manager"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subscription-manager-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subscription-manager-firstboot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subscription-manager-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subscription-manager-migration"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/21"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0788"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"subscription-manager-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"subscription-manager-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"subscription-manager-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"subscription-manager-debuginfo-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"subscription-manager-debuginfo-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"subscription-manager-debuginfo-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"subscription-manager-firstboot-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"subscription-manager-firstboot-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"subscription-manager-firstboot-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"subscription-manager-gui-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"subscription-manager-gui-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"subscription-manager-gui-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"subscription-manager-migration-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"subscription-manager-migration-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"subscription-manager-migration-1.0.24.1-1.el5_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"subscription-manager-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"subscription-manager-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"subscription-manager-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"subscription-manager-debuginfo-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"subscription-manager-debuginfo-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"subscription-manager-debuginfo-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"subscription-manager-firstboot-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"subscription-manager-firstboot-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"subscription-manager-firstboot-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"subscription-manager-gui-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"subscription-manager-gui-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"subscription-manager-gui-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"subscription-manager-migration-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"subscription-manager-migration-1.1.23.1-1.el6_4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"subscription-manager-migration-1.1.23.1-1.el6_4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "subscription-manager / subscription-manager-debuginfo / etc"); } }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0907.NASL description An updated rhev-hypervisor6 package that fixes two security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way KVM initialized a guest last seen 2020-06-01 modified 2020-06-02 plugin id 78961 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78961 title RHEL 6 : rhev-hypervisor6 (RHSA-2013:0907) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0907. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(78961); script_version("1.11"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2013-0167", "CVE-2013-1935"); script_xref(name:"RHSA", value:"2013:0907"); script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2013:0907)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated rhev-hypervisor6 package that fixes two security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way KVM initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt) indication flag when entering the guest. An unprivileged guest user could potentially use this flaw to crash the host. (CVE-2013-1935) A flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-0167) Red Hat would like to thank IBM for reporting the CVE-2013-1935 issue. The CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-1962 (libvirt issue) CVE-2013-2017 and CVE-2013-1943 (kernel issues) CVE-2012-6137 (subscription-manager issue) This update also contains the fixes from the following errata : * vdsm: RHSA-2013:0886, which adds support for Red Hat Enterprise Virtualization 3.2 clusters. * ovirt-node: RHBA-2013:0908 Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of 'Install Failed'. If this happens, place the host into maintenance mode, then activate it again to get the host back to an 'Up' state. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues." ); # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c6b506c4" ); # https://rhn.redhat.com/errata/RHSA-2013-0886.html script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0886" ); # https://rhn.redhat.com/errata/RHBA-2013-0908.html script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHBA-2013:0908" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0907" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-1935" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-0167" ); script_set_attribute( attribute:"solution", value:"Update the affected rhev-hypervisor6 package." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0907"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.4-20130528.0.el6_4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6"); } }
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|