ID CVE-2012-6137
Summary rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.
Vulnerable Configurations
  • Red Hat Enterprise Linux 5 (Server)
    cpe:2.3:o:redhat:enterprise_linux:5:-:server
  • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:-:client
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • cpe:2.3:o:redhat:enterprise_linux_eus:5.9.z:-:server
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6
  • cpe:2.3:o:redhat:enterprise_linux_long_life:5.9:-:server
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4.z
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
CVSS
Base: 4.3 (as of 22-05-2013 - 08:55)
CWE CWE-255
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
nessus via4
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2013-0788.NASL
description Updated subscription-manager packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

  The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

  The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform.

  It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server's X.509 certificate when migrating system profiles registered with Red Hat Network Classic to Certificate-based Red Hat Network. An attacker could use this flaw to conduct man-in-the-middle attacks, allowing them to obtain the user's Red Hat Network credentials. (CVE-2012-6137)

  This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

  All users of subscription-manager are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.
last seen 2019-02-21
modified 2018-11-10
plugin id 66331
published 2013-05-07
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=66331
title RHEL 5 / 6 : subscription-manager (RHSA-2013:0788)
redhat via4
advisories
bugzilla
id 885130
title CVE-2012-6137 subscription-manager: rhn-migrate-classic-to-rhsm missing SSL certificate verification
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment subscription-manager is earlier than 0:1.0.24.1-1.el5_9
          oval oval:com.redhat.rhsa:tst:20130788002
        • comment subscription-manager is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130788003
      • AND
        • comment subscription-manager-firstboot is earlier than 0:1.0.24.1-1.el5_9
          oval oval:com.redhat.rhsa:tst:20130788008
        • comment subscription-manager-firstboot is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130788009
      • AND
        • comment subscription-manager-gui is earlier than 0:1.0.24.1-1.el5_9
          oval oval:com.redhat.rhsa:tst:20130788004
        • comment subscription-manager-gui is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130788005
      • AND
        • comment subscription-manager-migration is earlier than 0:1.0.24.1-1.el5_9
          oval oval:com.redhat.rhsa:tst:20130788006
        • comment subscription-manager-migration is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130788007
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment subscription-manager is earlier than 0:1.1.23.1-1.el6_4
          oval oval:com.redhat.rhsa:tst:20130788014
        • comment subscription-manager is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130788015
      • AND
        • comment subscription-manager-firstboot is earlier than 0:1.1.23.1-1.el6_4
          oval oval:com.redhat.rhsa:tst:20130788020
        • comment subscription-manager-firstboot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130788021
      • AND
        • comment subscription-manager-gui is earlier than 0:1.1.23.1-1.el6_4
          oval oval:com.redhat.rhsa:tst:20130788016
        • comment subscription-manager-gui is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130788017
      • AND
        • comment subscription-manager-migration is earlier than 0:1.1.23.1-1.el6_4
          oval oval:com.redhat.rhsa:tst:20130788018
        • comment subscription-manager-migration is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130788019
rhsa
id RHSA-2013:0788
released 2013-05-06
severity Moderate
title RHSA-2013:0788: subscription-manager security update (Moderate)
rpms
  • subscription-manager-0:1.0.24.1-1.el5_9
  • subscription-manager-firstboot-0:1.0.24.1-1.el5_9
  • subscription-manager-gui-0:1.0.24.1-1.el5_9
  • subscription-manager-migration-0:1.0.24.1-1.el5_9
  • subscription-manager-0:1.1.23.1-1.el6_4
  • subscription-manager-firstboot-0:1.1.23.1-1.el6_4
  • subscription-manager-gui-0:1.1.23.1-1.el6_4
  • subscription-manager-migration-0:1.1.23.1-1.el6_4
refmap via4
bid 59674
confirm https://bugzilla.redhat.com/show_bug.cgi?id=885130
osvdb 93058
sectrack 1028520
secunia 53330
xf redhat-ssl-cve20126137-sec-bypass(84020)
Last major update 22-05-2013 - 09:09
Published 21-05-2013 - 14:55
Last modified 28-08-2017 - 21:32