CVE-2015-1777

Published: Apr 12, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.

Affected (1)

Products: Redhat: Rhn Client Tools

1 product

Rhn Client Tools

Configuration A

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Redhat Rhn Client Tools	All versions

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0
Redhat Gluster Storage	Version 2.1

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (6)

http://www.openwall.com/lists/oss-security/2015/03/04/7

Source: secalert@redhat.com

Mailing List

http://www.securityfocus.com/bid/72943

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1198740

Source: secalert@redhat.com

Issue Tracking

http://www.openwall.com/lists/oss-security/2015/03/04/7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.securityfocus.com/bid/72943

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1198740

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.