Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.0
CVE Id CVE-2010-2236
Last Modified 16 Apr 2014 10:53:21
Published 15 Apr 2014 07:55:07
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2010-2236

Summary

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.

Vulnerable Systems

Application

  • Redhat Network Proxy 5.3

  • Redhat Network Satellite 4.0

  • Redhat Network Satellite 4.1

  • Redhat Network Satellite 4.2

  • Redhat Network Satellite 5.1

  • Redhat Network Satellite 5.2

  • Redhat Network Satellite 5.3

  • Redhat Spacewalk-java 2.1.147-1


References

CONFIRM - https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9

CONFIRM - https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f

SUSE - SUSE-SU-2014:0222

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=607712

MISC - https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff

SECUNIA - 56952


Last Updated: 27 May 2016 11:05:00