6

CVE-2010-2236

Exploit
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatNetwork Proxy Version5.3
RedhatSatellite Version4.0
RedhatSatellite Version4.1
RedhatSatellite Version4.2
RedhatSatellite Version5.1
RedhatSatellite Version5.2
RedhatSatellite Version5.3
RedhatSpacewalk-java Version <= 2.1.147-1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.06% 0.859
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/56952
Vendor Advisory
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
Patch
Exploit
https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html
https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff
https://bugzilla.redhat.com/show_bug.cgi?id=607712
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9
Patch
Exploit