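RHEL 6 : Red Hat Satellite 5.7.0 general availability (Moderate) (RHSA-2015:0033)

medium Nessus Plugin ID 80505

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0033 advisory.

Red Hat Satellite is a solution for organizations that require absolute control over, and privacy of, the maintenance and package deployment of their servers. It allows organizations to use the benefits of Red Hat Network (RHN) without having to provide public Internet access to their servers or other client systems.

This update introduces Red Hat Satellite 5.7.0. For the full list of new features included in this release, see the Release Notes document at: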

https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/

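Note: Red Hat Satellite 5.7 and Red Hat Satellite Proxy 5.7 are available for installation on Red Hat Enterprise Linux Server 6. For full details, including supported architecture combinations, refer to the Red Hat Satellite 5.7 Installation Guide.

This update fixes the following security issues:

Multiple stored cross-site scripting (XSS) flaws were found in the handling of XML data passed to Satellite through the REST API. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data and inject malicious content into the web page that is used to view that data. (CVE-2014-7811)

A stored cross-site scripting (XSS) flaw was found in the System Groups field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data and inject malicious content into the web page that is used to view that data. (CVE-2014-7812)

Red Hat would like to thank Mickal Gallier for reporting these issues.

All users of Red Hat Satellite are advised to install this newly released version.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also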

http://www.nessus.org/u?af943eb9

https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/

https://access.redhat.com/errata/RHSA-2015:0033

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1156299

https://bugzilla.redhat.com/show_bug.cgi?id=1172934

Plugin Details

Severity: Medium

ID: 80505

File Name: redhat-RHSA-2015-0033.nasl

Version: 1.14

Type: local

Agent: unix

Published: 2015/1/14

Updated: 2025/3/21

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2014-7812

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:python-gzipstream, p-cpe:/a:redhat:enterprise_linux:dojo, p-cpe:/a:redhat:enterprise_linux:perl-class-methodmaker, p-cpe:/a:redhat:enterprise_linux:dwr, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-package-push-server, p-cpe:/a:redhat:enterprise_linux:cobbler, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:pyyaml, p-cpe:/a:redhat:enterprise_linux:eventreceivers, p-cpe:/a:redhat:enterprise_linux:udns, p-cpe:/a:redhat:enterprise_linux:pwstrength-bootstrap, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-clac, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-sql-postgresql, p-cpe:/a:redhat:enterprise_linux:bootstrap-datepicker, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-logging, p-cpe:/a:redhat:enterprise_linux:perl-filesys-df, p-cpe:/a:redhat:enterprise_linux:objectweb-asm, p-cpe:/a:redhat:enterprise_linux:spacewalk-sniglets, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm, p-cpe:/a:redhat:enterprise_linux:spacewalk-oracle, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend, p-cpe:/a:redhat:enterprise_linux:struts, p-cpe:/a:redhat:enterprise_linux:perl-apache-dbi, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-postgresql, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-processpool, p-cpe:/a:redhat:enterprise_linux:perl-net-ipv4addr, p-cpe:/a:redhat:enterprise_linux:satellite-doc-indexes, p-cpe:/a:redhat:enterprise_linux:perl-crypt-generatepassword, p-cpe:/a:redhat:enterprise_linux:osa-dispatcher-selinux, p-cpe:/a:redhat:enterprise_linux:antlr, p-cpe:/a:redhat:enterprise_linux:perl-dbd-oracle, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-iss, p-cpe:/a:redhat:enterprise_linux:perl-io-stringy, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-oracledb, p-cpe:/a:redhat:enterprise_linux:spacewalk-monitoring-selinux, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-object, p-cpe:/a:redhat:enterprise_linux:tsdb, p-cpe:/a:redhat:enterprise_linux:struts-core, 
p-cpe:/a:redhat:enterprise_linux:apache-commons-beanutils, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-config-files-tool, p-cpe:/a:redhat:enterprise_linux:perl-mime-tools, p-cpe:/a:redhat:enterprise_linux:postgresql92-runtime, p-cpe:/a:redhat:enterprise_linux:spacewalk-base-minimal-config, p-cpe:/a:redhat:enterprise_linux:quartz-oracle, p-cpe:/a:redhat:enterprise_linux:scl-utils, p-cpe:/a:redhat:enterprise_linux:sputlite, p-cpe:/a:redhat:enterprise_linux:perl-params-validate, p-cpe:/a:redhat:enterprise_linux:cx_oracle, p-cpe:/a:redhat:enterprise_linux:perl-config-inifiles, p-cpe:/a:redhat:enterprise_linux:spacewalk-search, p-cpe:/a:redhat:enterprise_linux:perl-libapreq2, p-cpe:/a:redhat:enterprise_linux:bootstrap, p-cpe:/a:redhat:enterprise_linux:glassfish-jsf, p-cpe:/a:redhat:enterprise_linux:cglib, p-cpe:/a:redhat:enterprise_linux:perl-soap-lite, p-cpe:/a:redhat:enterprise_linux:spacewalk-monitoring, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-config-files-common, p-cpe:/a:redhat:enterprise_linux:xalan-j2, p-cpe:/a:redhat:enterprise_linux:sputlite-client, p-cpe:/a:redhat:enterprise_linux:spacewalk-setup-postgresql, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-sql-oracle, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-fileupload, p-cpe:/a:redhat:enterprise_linux:spacewalk-html, p-cpe:/a:redhat:enterprise_linux:spacewalk-setup, p-cpe:/a:redhat:enterprise_linux:snmpalerts, p-cpe:/a:redhat:enterprise_linux:rhnlib, p-cpe:/a:redhat:enterprise_linux:progagogo, p-cpe:/a:redhat:enterprise_linux:nocpulseplugins-oracle, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-xml-export-libs, p-cpe:/a:redhat:enterprise_linux:spacewalk-web, p-cpe:/a:redhat:enterprise_linux:jakarta-taglibs-standard, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-logging-jboss, p-cpe:/a:redhat:enterprise_linux:perl-satcon, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-oracle, p-cpe:/a:redhat:enterprise_linux:spacewalk-admin, 
p-cpe:/a:redhat:enterprise_linux:perl-net-inet6glue, p-cpe:/a:redhat:enterprise_linux:tanukiwrapper, p-cpe:/a:redhat:enterprise_linux:jabberpy, p-cpe:/a:redhat:enterprise_linux:oracle-nofcontext-selinux, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-gritch, p-cpe:/a:redhat:enterprise_linux:apache-commons-cli, p-cpe:/a:redhat:enterprise_linux:oracle-config, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel, p-cpe:/a:redhat:enterprise_linux:oscache, p-cpe:/a:redhat:enterprise_linux:spacewalk, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-validator, p-cpe:/a:redhat:enterprise_linux:libapreq2, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-utils, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-digester, p-cpe:/a:redhat:enterprise_linux:select2, p-cpe:/a:redhat:enterprise_linux:perl-crypt-des, p-cpe:/a:redhat:enterprise_linux:dom4j, p-cpe:/a:redhat:enterprise_linux:npalert, p-cpe:/a:redhat:enterprise_linux:satconfig-bootstrap, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-el, p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms, p-cpe:/a:redhat:enterprise_linux:concurrent, p-cpe:/a:redhat:enterprise_linux:perl-class-singleton, p-cpe:/a:redhat:enterprise_linux:libyaml, p-cpe:/a:redhat:enterprise_linux:sputlite-server, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-libs, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-io, p-cpe:/a:redhat:enterprise_linux:perl-datetime, p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap, p-cpe:/a:redhat:enterprise_linux:select2-bootstrap-css, p-cpe:/a:redhat:enterprise_linux:spacewalk-base-minimal, p-cpe:/a:redhat:enterprise_linux:momentjs, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql-libs, p-cpe:/a:redhat:enterprise_linux:jakarta-oro, p-cpe:/a:redhat:enterprise_linux:jfreechart, p-cpe:/a:redhat:enterprise_linux:ssl_bridge, p-cpe:/a:redhat:enterprise_linux:spacewalk-dobby, p-cpe:/a:redhat:enterprise_linux:jdom, p-cpe:/a:redhat:enterprise_linux:libntlm, p-cpe:/a:redhat:enterprise_linux:perl-list-moreutils, 
p-cpe:/a:redhat:enterprise_linux:cobbler-loaders, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-lib, p-cpe:/a:redhat:enterprise_linux:python-psycopg2, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql-server, p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api, p-cpe:/a:redhat:enterprise_linux:satconfig-spread, p-cpe:/a:redhat:enterprise_linux:satconfig-bootstrap-server, p-cpe:/a:redhat:enterprise_linux:spacewalk-setup-jabberd, p-cpe:/a:redhat:enterprise_linux:nutch, p-cpe:/a:redhat:enterprise_linux:oracle-instantclient-selinux, p-cpe:/a:redhat:enterprise_linux:spacewalk-schema, p-cpe:/a:redhat:enterprise_linux:hibernate3, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-chain, p-cpe:/a:redhat:enterprise_linux:oracle-instantclient-sqlplus, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-config-files, p-cpe:/a:redhat:enterprise_linux:jboss-javaee, p-cpe:/a:redhat:enterprise_linux:spacewalk-common, p-cpe:/a:redhat:enterprise_linux:satellite-branding, p-cpe:/a:redhat:enterprise_linux:spacecmd, p-cpe:/a:redhat:enterprise_linux:perl-html-tableextract, p-cpe:/a:redhat:enterprise_linux:perl-termreadkey, p-cpe:/a:redhat:enterprise_linux:jquery-timepicker, p-cpe:/a:redhat:enterprise_linux:osa-dispatcher, p-cpe:/a:redhat:enterprise_linux:editarea, p-cpe:/a:redhat:enterprise_linux:postgresql92, p-cpe:/a:redhat:enterprise_linux:perl-email-date-format, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-debug, p-cpe:/a:redhat:enterprise_linux:oracle-instantclient-sqlplus-selinux, p-cpe:/a:redhat:enterprise_linux:spacewalk-certs-tools, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-app, p-cpe:/a:redhat:enterprise_linux:jabberd, p-cpe:/a:redhat:enterprise_linux:javassist, p-cpe:/a:redhat:enterprise_linux:perl-cache-cache, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-probe-oracle, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-xmlrpc, p-cpe:/a:redhat:enterprise_linux:spacewalk-utils, p-cpe:/a:redhat:enterprise_linux:status_log_acceptor, 
p-cpe:/a:redhat:enterprise_linux:stringtree-json, p-cpe:/a:redhat:enterprise_linux:font-awesome, p-cpe:/a:redhat:enterprise_linux:spacewalk-ssl-cert-check, p-cpe:/a:redhat:enterprise_linux:libgsasl, p-cpe:/a:redhat:enterprise_linux:spacewalk-postgresql, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-scheduler, p-cpe:/a:redhat:enterprise_linux:nocpulseplugins, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-setid, p-cpe:/a:redhat:enterprise_linux:satconfig-general, p-cpe:/a:redhat:enterprise_linux:spacewalk-selinux, p-cpe:/a:redhat:enterprise_linux:spacewalk-reports, p-cpe:/a:redhat:enterprise_linux:ace-editor, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-persistentconnection, p-cpe:/a:redhat:enterprise_linux:nocpulse-common, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql-contrib, p-cpe:/a:redhat:enterprise_linux:perl-mime-lite, p-cpe:/a:redhat:enterprise_linux:sitemesh, p-cpe:/a:redhat:enterprise_linux:satellite-schema, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-codec, p-cpe:/a:redhat:enterprise_linux:perl-berkeleydb, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql-pltcl, p-cpe:/a:redhat:enterprise_linux:perl-convert-binhex, p-cpe:/a:redhat:enterprise_linux:spacewalk-base, p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_4_1_9, p-cpe:/a:redhat:enterprise_linux:perl-mime-types, p-cpe:/a:redhat:enterprise_linux:spacewalk-pxt, p-cpe:/a:redhat:enterprise_linux:redstone-xmlrpc, p-cpe:/a:redhat:enterprise_linux:libreadline-java, p-cpe:/a:redhat:enterprise_linux:roboto, p-cpe:/a:redhat:enterprise_linux:quartz, p-cpe:/a:redhat:enterprise_linux:jcommon, p-cpe:/a:redhat:enterprise_linux:satconfig-cluster, p-cpe:/a:redhat:enterprise_linux:satconfig-installer, p-cpe:/a:redhat:enterprise_linux:patternfly1, p-cpe:/a:redhat:enterprise_linux:struts-taglib, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-server, p-cpe:/a:redhat:enterprise_linux:perl-xml-generator, 
p-cpe:/a:redhat:enterprise_linux:oracle-instantclient, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql-upgrade, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-iss-export, p-cpe:/a:redhat:enterprise_linux:messagequeue, p-cpe:/a:redhat:enterprise_linux:oracle-instantclient-basic, p-cpe:/a:redhat:enterprise_linux:spacewalk-slf4j, p-cpe:/a:redhat:enterprise_linux:spacewalk-taskomatic, p-cpe:/a:redhat:enterprise_linux:struts-extras, p-cpe:/a:redhat:enterprise_linux:perl-mail-rfc822-address, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-config, p-cpe:/a:redhat:enterprise_linux:simple-core, p-cpe:/a:redhat:enterprise_linux:rhnpush, p-cpe:/a:redhat:enterprise_linux:osad, p-cpe:/a:redhat:enterprise_linux:nocpulse-db-perl, p-cpe:/a:redhat:enterprise_linux:rhn-i18n-guides, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-tools, p-cpe:/a:redhat:enterprise_linux:scdb, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-probe, p-cpe:/a:redhat:enterprise_linux:python-debian, p-cpe:/a:redhat:enterprise_linux:spacewalk-grail, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-lang, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-sql, p-cpe:/a:redhat:enterprise_linux:perl-net-snmp, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-parent, p-cpe:/a:redhat:enterprise_linux:satellite-repo, p-cpe:/a:redhat:enterprise_linux:rhn-i18n-release-notes, p-cpe:/a:redhat:enterprise_linux:satconfig-generator, p-cpe:/a:redhat:enterprise_linux:jquery-ui, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-applet, p-cpe:/a:redhat:enterprise_linux:spacewalk-java, p-cpe:/a:redhat:enterprise_linux:oracle-selinux, p-cpe:/a:redhat:enterprise_linux:spacewalk-config, p-cpe:/a:redhat:enterprise_linux:c3p0, p-cpe:/a:redhat:enterprise_linux:perl-ipc-sharelite, p-cpe:/a:redhat:enterprise_linux:jpam

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/1/13

Vulnerability Publication Date: 2015/1/15

Reference Information

CVE: CVE-2014-7811, CVE-2014-7812

BID: 74825, 74829

CWE: 79

RHSA: 2015:0033