csaf_certbund - wid-sec-w-2025-1012

wid-sec-w-2025-1012

Vulnerability from csaf_certbund

Published

2025-05-12 22:00

Modified

2025-07-16 22:00

Summary

Red Hat Enterprise Linux: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen oder Dateien zu manipulieren.

Betroffene Betriebssysteme

- Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1012 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1012.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1012 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1012"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2025-05-12",
        "url": "https://access.redhat.com/errata/RHSA-2025:7064"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2025-05-12",
        "url": "https://access.redhat.com/errata/RHSA-2025:7085"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-203B7DB566 vom 2025-07-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-203b7db566"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-07-16T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-17T06:02:02.190+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1012",
      "initial_release_date": "2025-05-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-16T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "iptraf-ng \u003cv1.2.2",
                "product": {
                  "name": "Red Hat Enterprise Linux iptraf-ng \u003cv1.2.2",
                  "product_id": "T043584"
                }
              },
              {
                "category": "product_version",
                "name": "iptraf-ng v1.2.2",
                "product": {
                  "name": "Red Hat Enterprise Linux iptraf-ng v1.2.2",
                  "product_id": "T043584-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:iptraf-ng__v1.2.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "pcs \u003cpcs-0.11.9-2.el9.src.rpm",
                "product": {
                  "name": "Red Hat Enterprise Linux pcs \u003cpcs-0.11.9-2.el9.src.rpm",
                  "product_id": "T043585"
                }
              },
              {
                "category": "product_version",
                "name": "pcs pcs-0.11.9-2.el9.src.rpm",
                "product": {
                  "name": "Red Hat Enterprise Linux pcs pcs-0.11.9-2.el9.src.rpm",
                  "product_id": "T043585-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:pcs__pcs-0.11.9-2.el9.src.rpm"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-52949",
      "product_status": {
        "known_affected": [
          "74185",
          "T043584"
        ]
      },
      "release_date": "2025-05-12T22:00:00.000+00:00",
      "title": "CVE-2024-52949"
    },
    {
      "cve": "CVE-2025-25184",
      "product_status": {
        "known_affected": [
          "74185",
          "T043585"
        ]
      },
      "release_date": "2025-05-12T22:00:00.000+00:00",
      "title": "CVE-2025-25184"
    }
  ]
}

CVE-2025-25184 (GCVE-0-2025-25184)

Vulnerability from cvelistv5

Published

2025-02-12 16:20

Modified

2025-11-03 21:12

Severity ?

5.7 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

CWE

CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-117 - Improper Output Neutralization for Logs

Summary

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. When a user provides the authorization credentials via Rack::Auth::Basic, if success, the username will be put in env['REMOTE_USER'] and later be used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentionally allows a user creation with the username contain CRLF and white space characters, or the server just want to log every login attempts. If an attacker enters a username with CRLF character, the logger will log the malicious username with CRLF characters into the logfile. Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files. Versions 2.2.11, 3.0.12, and 3.1.10 contain a fix.

References

URL

Tags

	https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg	x_refsource_CONFIRM
	https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	rack	rack	Version: < 2.2.11 Version: >= 3.0, < 3.0.12 Version: >= 3.1, < 3.1.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25184",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T19:09:07.706810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T19:09:12.443Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:12:48.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rack",
          "vendor": "rack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0, \u003c 3.0.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.1, \u003c 3.1.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. When a user provides the authorization credentials via Rack::Auth::Basic, if success, the username will be put in env[\u0027REMOTE_USER\u0027] and later be used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentionally allows a user creation with the username contain CRLF and white space characters, or the server just want to log every login attempts. If an attacker enters a username with CRLF character, the logger will log the malicious username with CRLF characters into the logfile. Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files. Versions 2.2.11, 3.0.12, and 3.1.10 contain a fix."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-117",
              "description": "CWE-117: Improper Output Neutralization for Logs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-14T19:48:00.607Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg"
        },
        {
          "name": "https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e"
        }
      ],
      "source": {
        "advisory": "GHSA-7g2v-jj9q-g3rg",
        "discovery": "UNKNOWN"
      },
      "title": "Possible Log Injection in Rack::CommonLogger"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-25184",
    "datePublished": "2025-02-12T16:20:46.865Z",
    "dateReserved": "2025-02-03T19:30:53.399Z",
    "dateUpdated": "2025-11-03T21:12:48.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-52949 (GCVE-0-2024-52949)

Vulnerability from cvelistv5

Published

2024-12-16 00:00

Modified

2025-04-03 15:17

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Summary

iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2025-1012

Vulnerability from csaf_certbund

CVE-2025-25184 (GCVE-0-2025-25184)

Vulnerability from cvelistv5

CVE-2024-52949 (GCVE-0-2024-52949)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature