Oval Definition: oval:org.opensuse.security:def:202140348
Revision Date: 2022-05-22
Version: 1
Title: CVE-2021-40348
Description:

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl does not sanitize the configuration filename used to append a Spacewalk-specific key-value pair. According to the installation setup, the script is intended to be run by the tomcat user account with Sudo. As a result, an attacker can use --option to append arbitrary code to a root-owned file that will eventually be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1.
Family: unix
Class: vulnerability
Status:
Reference(s):
Mitre CVE-2021-40348
SUSE CVE-2021-40348
SUSE-SU-2021:3561-1
SUSE-SU-2021:3562-1
Platform(s):
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for SUSE Manager Server 4.1 is installed
  • AND spacewalk-admin-4.1.10-3.15.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • AND release-notes-susemanager-proxy-4.2.3-3.15.1 is installed
  • OR Package Information
  • SUSE Manager Server 4.2 is installed
  • AND release-notes-susemanager-4.2.3-3.19.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Module for SUSE Manager Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND
  • cobbler-3.1.2-5.11.1 is installed
  • OR hub-xmlrpc-api-0.7-3.3.3 is installed
  • OR inter-server-sync-0.0.5-8.6.3 is installed
  • OR patterns-suma_retail-4.2-4.3.1 is installed
  • OR patterns-suma_server-4.2-4.3.1 is installed
  • OR py26-compat-salt-2016.11.10-11.28.9.1 is installed
  • OR py26-compat-tornado-4.2.1-3.3.1 is installed
  • OR py27-compat-salt-3000.3-7.7.11.1 is installed
  • OR python3-spacewalk-certs-tools-4.2.13-3.9.2 is installed
  • OR python3-spacewalk-client-tools-4.2.14-4.9.3 is installed
  • OR spacecmd-4.2.13-4.9.1 is installed
  • OR spacewalk-admin-4.2.9-3.6.2 is installed
  • OR spacewalk-backend-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-app-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-applet-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-config-files-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-config-files-common-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-config-files-tool-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-iss-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-iss-export-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-package-push-server-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-server-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-sql-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-sql-postgresql-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-tools-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-xml-export-libs-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-xmlrpc-4.2.17-4.9.3 is installed
  • OR spacewalk-base-4.2.23-3.9.3 is installed
  • OR spacewalk-base-minimal-4.2.23-3.9.3 is installed
  • OR spacewalk-base-minimal-config-4.2.23-3.9.3 is installed
  • OR spacewalk-certs-tools-4.2.13-3.9.2 is installed
  • OR spacewalk-client-tools-4.2.14-4.9.3 is installed
  • OR spacewalk-html-4.2.23-3.9.3 is installed
  • OR spacewalk-java-4.2.30-3.14.4 is installed
  • OR spacewalk-java-config-4.2.30-3.14.4 is installed
  • OR spacewalk-java-lib-4.2.30-3.14.4 is installed
  • OR spacewalk-java-postgresql-4.2.30-3.14.4 is installed
  • OR spacewalk-taskomatic-4.2.30-3.14.4 is installed
  • OR spacewalk-utils-4.2.14-3.9.3 is installed
  • OR spacewalk-utils-extras-4.2.14-3.9.3 is installed
  • OR subscription-matcher-0.27-6.3.1 is installed
  • OR supportutils-plugin-susemanager-4.2.3-3.3.2 is installed
  • OR susemanager-4.2.25-3.13.1 is installed
  • OR susemanager-doc-indexes-4.2-12.11.3 is installed
  • OR susemanager-docs_en-4.2-12.11.1 is installed
  • OR susemanager-docs_en-pdf-4.2-12.11.1 is installed
  • OR susemanager-schema-4.2.18-3.9.3 is installed
  • OR susemanager-sls-4.2.18-3.11.1 is installed
  • OR susemanager-sync-data-4.2.9-3.9.1 is installed
  • OR susemanager-tools-4.2.25-3.13.1 is installed
  • OR susemanager-web-libs-4.2.23-3.9.3 is installed
  • OR uyuni-config-modules-4.2.18-3.11.1 is installed
  • OR virtualization-formulas-0.6.1-8.3.1 is installed
  • OR Package Information
  • Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure is installed
  • OR Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM is installed
  • OR Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE is installed
  • AND
  • patterns-suma_proxy-4.2-4.3.1 is installed
  • OR python3-spacewalk-certs-tools-4.2.13-3.9.2 is installed
  • OR python3-spacewalk-client-tools-4.2.14-4.9.3 is installed
  • OR spacewalk-backend-4.2.17-4.9.3 is installed
  • OR spacewalk-base-minimal-4.2.23-3.9.3 is installed
  • OR spacewalk-base-minimal-config-4.2.23-3.9.3 is installed
  • OR spacewalk-certs-tools-4.2.13-3.9.2 is installed
  • OR spacewalk-client-tools-4.2.14-4.9.3 is installed
  • OR spacewalk-proxy-broker-4.2.7-3.6.3 is installed
  • OR spacewalk-proxy-common-4.2.7-3.6.3 is installed
  • OR spacewalk-proxy-installer-4.2.7-3.9.3 is installed
  • OR spacewalk-proxy-management-4.2.7-3.6.3 is installed
  • OR spacewalk-proxy-package-manager-4.2.7-3.6.3 is installed
  • OR spacewalk-proxy-redirect-4.2.7-3.6.3 is installed
  • OR spacewalk-proxy-salt-4.2.7-3.6.3 is installed
  • OR Package Information
  • Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure is installed
  • OR Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM is installed
  • AND
  • cobbler-3.1.2-5.11.1 is installed
  • OR patterns-suma_server-4.2-4.3.1 is installed
  • OR py26-compat-salt-2016.11.10-11.28.9.1 is installed
  • OR py26-compat-tornado-4.2.1-3.3.1 is installed
  • OR py27-compat-salt-3000.3-7.7.11.1 is installed
  • OR python3-spacewalk-certs-tools-4.2.13-3.9.2 is installed
  • OR python3-spacewalk-client-tools-4.2.14-4.9.3 is installed
  • OR spacecmd-4.2.13-4.9.1 is installed
  • OR spacewalk-admin-4.2.9-3.6.2 is installed
  • OR spacewalk-backend-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-app-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-applet-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-config-files-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-config-files-common-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-config-files-tool-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-iss-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-iss-export-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-package-push-server-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-server-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-sql-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-sql-postgresql-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-tools-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-xml-export-libs-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-xmlrpc-4.2.17-4.9.3 is installed
  • OR spacewalk-base-4.2.23-3.9.3 is installed
  • OR spacewalk-base-minimal-4.2.23-3.9.3 is installed
  • OR spacewalk-base-minimal-config-4.2.23-3.9.3 is installed
  • OR spacewalk-certs-tools-4.2.13-3.9.2 is installed
  • OR spacewalk-client-tools-4.2.14-4.9.3 is installed
  • OR spacewalk-html-4.2.23-3.9.3 is installed
  • OR spacewalk-java-4.2.30-3.14.4 is installed
  • OR spacewalk-java-config-4.2.30-3.14.4 is installed
  • OR spacewalk-java-lib-4.2.30-3.14.4 is installed
  • OR spacewalk-java-postgresql-4.2.30-3.14.4 is installed
  • OR spacewalk-taskomatic-4.2.30-3.14.4 is installed
  • OR spacewalk-utils-4.2.14-3.9.3 is installed
  • OR subscription-matcher-0.27-6.3.1 is installed
  • OR supportutils-plugin-susemanager-4.2.3-3.3.2 is installed
  • OR susemanager-4.2.25-3.13.1 is installed
  • OR susemanager-doc-indexes-4.2-12.11.3 is installed
  • OR susemanager-docs_en-4.2-12.11.1 is installed
  • OR susemanager-docs_en-pdf-4.2-12.11.1 is installed
  • OR susemanager-schema-4.2.18-3.9.3 is installed
  • OR susemanager-sls-4.2.18-3.11.1 is installed
  • OR susemanager-sync-data-4.2.9-3.9.1 is installed
  • OR susemanager-tools-4.2.25-3.13.1 is installed
  • OR susemanager-web-libs-4.2.23-3.9.3 is installed
  • OR Package Information
  • Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE is installed
  • AND
  • cobbler-3.1.2-5.11.1 is installed
  • OR patterns-suma_server-4.2-4.3.1 is installed
  • OR py26-compat-salt-2016.11.10-11.28.9.1 is installed
  • OR py26-compat-tornado-4.2.1-3.3.1 is installed
  • OR py27-compat-salt-3000.3-7.7.11.1 is installed
  • OR python3-spacewalk-certs-tools-4.2.13-3.9.2 is installed
  • OR python3-spacewalk-client-tools-4.2.14-4.9.3 is installed
  • OR spacecmd-4.2.13-4.9.1 is installed
  • OR spacewalk-admin-4.2.9-3.6.2 is installed
  • OR spacewalk-backend-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-app-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-applet-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-config-files-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-config-files-common-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-config-files-tool-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-iss-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-iss-export-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-package-push-server-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-server-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-sql-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-sql-postgresql-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-tools-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-xml-export-libs-4.2.17-4.9.3 is installed
  • OR spacewalk-backend-xmlrpc-4.2.17-4.9.3 is installed
  • OR spacewalk-base-4.2.23-3.9.3 is installed
  • OR spacewalk-base-minimal-4.2.23-3.9.3 is installed
  • OR spacewalk-base-minimal-config-4.2.23-3.9.3 is installed
  • OR spacewalk-certs-tools-4.2.13-3.9.2 is installed
  • OR spacewalk-client-tools-4.2.14-4.9.3 is installed
  • OR spacewalk-html-4.2.23-3.9.3 is installed
  • OR spacewalk-java-4.2.30-3.14.4 is installed
  • OR spacewalk-java-config-4.2.30-3.14.4 is installed
  • OR spacewalk-java-lib-4.2.30-3.14.4 is installed
  • OR spacewalk-java-postgresql-4.2.30-3.14.4 is installed
  • OR spacewalk-taskomatic-4.2.30-3.14.4 is installed
  • OR spacewalk-utils-4.2.14-3.9.3 is installed
  • OR subscription-matcher-0.27-6.3.1 is installed
  • OR supportutils-plugin-susemanager-4.2.3-3.3.2 is installed
  • OR susemanager-4.2.25-3.13.1 is installed
  • OR susemanager-doc-indexes-4.2-12.11.3 is installed
  • OR susemanager-docs_en-4.2-12.11.1 is installed
  • OR susemanager-docs_en-pdf-4.2-12.11.1 is installed
  • OR susemanager-schema-4.2.18-3.9.3 is installed
  • OR susemanager-sls-4.2.18-3.11.1 is installed
  • OR susemanager-sync-data-4.2.9-3.9.1 is installed
  • OR susemanager-tools-4.2.25-3.13.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for SUSE Manager Server 4.1 is installed
  • OR SUSE Manager Server 4.1 is installed
  • AND spacewalk-admin-4.1.10-3.15.1 is installed
  • OR Package Information
  • Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure is installed
  • OR Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM is installed
  • OR Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE is installed
  • AND spacewalk-admin-4.1.10-3.15.1 is installed