ID CVE-2016-3704
Summary Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
References
Vulnerable Configurations
  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.2.1-1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.8.2-1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.8.4:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 23-02-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2018:0336
rpms
  • candlepin-0:2.1.14-1.el7
  • candlepin-selinux-0:2.1.14-1.el7
  • foreman-0:1.15.6.34-1.el7sat
  • foreman-bootloaders-redhat-0:201801241201-2.el7sat
  • foreman-bootloaders-redhat-tftpboot-0:201801241201-2.el7sat
  • foreman-cli-0:1.15.6.34-1.el7sat
  • foreman-compute-0:1.15.6.34-1.el7sat
  • foreman-debug-0:1.15.6.34-1.el7sat
  • foreman-discovery-image-1:3.4.4-1.el7sat
  • foreman-ec2-0:1.15.6.34-1.el7sat
  • foreman-gce-0:1.15.6.34-1.el7sat
  • foreman-installer-1:1.15.6.8-1.el7sat
  • foreman-installer-katello-0:3.4.5.26-1.el7sat
  • foreman-libvirt-0:1.15.6.34-1.el7sat
  • foreman-openstack-0:1.15.6.34-1.el7sat
  • foreman-ovirt-0:1.15.6.34-1.el7sat
  • foreman-postgresql-0:1.15.6.34-1.el7sat
  • foreman-proxy-0:1.15.6.4-1.el7sat
  • foreman-proxy-content-0:3.4.5-15.el7sat
  • foreman-rackspace-0:1.15.6.34-1.el7sat
  • foreman-selinux-0:1.15.6.2-1.el7sat
  • foreman-vmware-0:1.15.6.34-1.el7sat
  • hiera-0:1.3.1-2.el7sat
  • katello-0:3.4.5-15.el7sat
  • katello-certs-tools-0:2.4.0-1.el7sat
  • katello-client-bootstrap-0:1.5.1-1.el7sat
  • katello-common-0:3.4.5-15.el7sat
  • katello-debug-0:3.4.5-15.el7sat
  • katello-installer-base-0:3.4.5.26-1.el7sat
  • katello-selinux-0:3.0.2-1.el7sat
  • katello-service-0:3.4.5-15.el7sat
  • kobo-0:0.5.1-1.el7sat
  • pulp-admin-client-0:2.13.4.6-1.el7sat
  • pulp-docker-admin-extensions-0:2.4.1-2.el7sat
  • pulp-docker-plugins-0:2.4.1-2.el7sat
  • pulp-katello-0:1.0.2-1.el7sat
  • pulp-nodes-child-0:2.13.4.6-1.el7sat
  • pulp-nodes-common-0:2.13.4.6-1.el7sat
  • pulp-nodes-parent-0:2.13.4.6-1.el7sat
  • pulp-ostree-admin-extensions-0:1.2.1.1-1.el7sat
  • pulp-ostree-plugins-0:1.2.1.1-1.el7sat
  • pulp-puppet-admin-extensions-0:2.13.4-3.el7sat
  • pulp-puppet-plugins-0:2.13.4-3.el7sat
  • pulp-puppet-tools-0:2.13.4-3.el7sat
  • pulp-rpm-admin-extensions-0:2.13.4.8-1.el7sat
  • pulp-rpm-plugins-0:2.13.4.8-1.el7sat
  • pulp-selinux-0:2.13.4.6-1.el7sat
  • pulp-server-0:2.13.4.6-1.el7sat
  • puppet-foreman_scap_client-0:0.3.16-1.el7sat
  • python-pulp-agent-lib-0:2.13.4.6-1.el7sat
  • python-pulp-bindings-0:2.13.4.6-1.el7sat
  • python-pulp-client-lib-0:2.13.4.6-1.el7sat
  • python-pulp-common-0:2.13.4.6-1.el7sat
  • python-pulp-docker-common-0:2.4.1-2.el7sat
  • python-pulp-oid_validation-0:2.13.4.6-1.el7sat
  • python-pulp-ostree-common-0:1.2.1.1-1.el7sat
  • python-pulp-puppet-common-0:2.13.4-3.el7sat
  • python-pulp-repoauth-0:2.13.4.6-1.el7sat
  • python-pulp-rpm-common-0:2.13.4.8-1.el7sat
  • python-pulp-streamer-0:2.13.4.6-1.el7sat
  • python-zope-interface-0:4.0.5-4.el7
  • python-zope-interface-debuginfo-0:4.0.5-4.el7
  • redhat-access-insights-puppet-0:0.0.9-2.el7sat
  • rubygem-foreman_scap_client-0:0.3.0-2.el7sat
  • rubygem-kafo-0:2.0.2-1.el7sat
  • rubygem-kafo_parsers-0:0.1.6-1.el7sat
  • rubygem-kafo_wizards-0:0.0.1-2.el7sat
  • rubygem-smart_proxy_dhcp_remote_isc-0:0.0.2.1-1.fm1_15.el7sat
  • rubygem-smart_proxy_discovery-0:1.0.4-3.el7sat
  • rubygem-smart_proxy_discovery_image-0:1.0.9-1.el7sat
  • rubygem-smart_proxy_dynflow-0:0.1.10-1.el7sat
  • rubygem-smart_proxy_openscap-0:0.6.9-1.el7sat
  • rubygem-smart_proxy_pulp-0:1.3.0-1.git.0.b5c2768.el7sat
  • rubygem-smart_proxy_remote_execution_ssh-0:0.1.6-1.el7sat
  • rubygem-tilt-0:1.3.7-2.git.0.3b416c9.el7sat
  • satellite-0:6.3.0-23.0.el7sat
  • satellite-capsule-0:6.3.0-23.0.el7sat
  • satellite-cli-0:6.3.0-23.0.el7sat
  • satellite-common-0:6.3.0-23.0.el7sat
  • satellite-debug-tools-0:6.3.0-23.0.el7sat
  • satellite-installer-0:6.3.0.12-1.el7sat
  • tfm-rubygem-bastion-0:5.1.1.4-1.fm1_15.el7sat
  • tfm-rubygem-foreman-redhat_access-0:2.0.13-1.el7sat
  • tfm-rubygem-foreman-tasks-0:0.9.6.4-1.fm1_15.el7sat
  • tfm-rubygem-foreman-tasks-core-0:0.1.8-1.fm1_15.el7sat
  • tfm-rubygem-foreman_bootdisk-0:10.0.2.2-1.fm1_15.el7sat
  • tfm-rubygem-foreman_discovery-0:9.1.5.3-1.fm1_15.el7sat
  • tfm-rubygem-foreman_docker-0:3.1.0.3-1.fm1_15.el7sat
  • tfm-rubygem-foreman_hooks-0:0.3.14-1.fm1_15.el7sat
  • tfm-rubygem-foreman_openscap-0:0.7.11-1.fm1_15.el7sat
  • tfm-rubygem-foreman_remote_execution-0:1.3.7.2-1.fm1_15.el7sat
  • tfm-rubygem-foreman_remote_execution_core-0:1.0.6-1.fm1_15.el7sat
  • tfm-rubygem-foreman_templates-0:5.0.1-1.fm1_15.el7sat
  • tfm-rubygem-foreman_theme_satellite-0:1.0.4.16-1.el7sat
  • tfm-rubygem-foreman_virt_who_configure-0:0.1.9-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli-0:0.11.0.1-1.el7sat
  • tfm-rubygem-hammer_cli_csv-0:2.3.0-1.el7sat
  • tfm-rubygem-hammer_cli_foreman-0:0.11.0.5-1.el7sat
  • tfm-rubygem-hammer_cli_foreman_admin-0:0.0.8-1.el7sat
  • tfm-rubygem-hammer_cli_foreman_bootdisk-0:0.1.3.3-2.el7sat
  • tfm-rubygem-hammer_cli_foreman_discovery-0:1.0.0-1.el7sat
  • tfm-rubygem-hammer_cli_foreman_docker-0:0.0.6-2.el7sat
  • tfm-rubygem-hammer_cli_foreman_openscap-0:0.1.5-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli_foreman_remote_execution-0:0.0.6-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli_foreman_tasks-0:0.0.12-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli_foreman_virt_who_configure-0:0.0.3-1.el7sat
  • tfm-rubygem-hammer_cli_katello-0:0.11.3.5-1.el7sat
  • tfm-rubygem-katello-0:3.4.5.58-1.el7sat
  • tfm-rubygem-katello_ostree-0:3.4.5.58-1.el7sat
  • tfm-rubygem-ovirt_provision_plugin-0:1.0.2-1.fm1_15.el7sat
  • tfm-rubygem-smart_proxy_dynflow_core-0:0.1.10-1.fm1_15.el7sat
refmap via4
confirm
fedora FEDORA-2016-4373f7d32a
misc
Last major update 23-02-2018 - 02:29
Published 13-06-2017 - 17:29
Last modified 23-02-2018 - 02:29