CVE-2021-40348
Summary
- Severity Score: -
- Exploit Likelihood: -
- Affected Versions: see table below
- Public Exploits: 1
- Exploited in Wild: -
- Decision: -
Descriptions
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1.
CVSS Scores
- (none listed)
SSVC
- Decision: -
Timeline
- 2021-08-31 CVE Reserved
- 2021-11-01 CVE Published
- 2024-07-17 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (2)
URL | Date |
---|---|
http://www.openwall.com/lists/oss-security/2021/10/28/4 | 2024-08-04 |
https://github.com/uyuni-project/uyuni/commit/790c7388efac6923c5475e01c1ff718dffa9f052 | 2022-11-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Uyuni-project | Uyuni | 2021.08 | - | Affected |
Spacewalk Project | Spacewalk | 2.10 | - | Affected |