Bugzilla – Bug 1136480
VUL-1: CVE-2019-10136: spacewalk-backend: Insecure computation of authentication signatures during user authentication
Last modified: 2021-02-11 15:47:34 UTC
It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
The issue is that the 'computeSignature' function in server/rhnLib.py does not separate all the fields that become part of the hash, allowing an attacker to move characters from one field to the other without affecting the resulting hash. Since a plain hash instead of an HMAC is used, length extension attacks (a valid hash can be computed after appending data) are possible. All codestreams appear affected. I'm not aware whether upstream has a fix yet.
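Added illustration of the two weaknesses described above (not Spacewalk's own code and not the attached fix): an undelimited-concatenation hash that cannot tell where one field ends, beside a keyed, length-framed HMAC that can. The secret, the field layout (user id, expiry) and the sample values are constructed for this example.

```python
import hashlib
import hmac

# Constructed server-side secret for this example (not a real key).
SERVER_SECRET = b"example-server-secret-not-real"

def concat_signature(secret, *fields):
    """Weak scheme for illustration (not Spacewalk's actual code): the fields
    are hashed as one undelimited string, so the digest cannot distinguish
    where one field ends and the next begins."""
    m = hashlib.sha256()
    m.update(secret)
    for f in fields:
        m.update(str(f).encode())
    return m.hexdigest()

def framed_hmac_signature(secret, *fields):
    """Hardened scheme: HMAC (keyed, not subject to length extension) over
    fields that are each prefixed with their own length, so moving a character
    across a field boundary changes the MAC input."""
    mac = hmac.new(secret, digestmod=hashlib.sha256)
    for f in fields:
        data = str(f).encode()
        mac.update(len(data).to_bytes(4, "big"))  # unambiguous field framing
        mac.update(data)
    return mac.hexdigest()

def verify(secret, fields, presented):
    """Constant-time check of a presented signature against the hardened scheme."""
    return hmac.compare_digest(framed_hmac_signature(secret, *fields), presented)

# Constructed token: (user id, expiry as a Unix timestamp).
ISSUED = ("12345", "1560000000")
# Same characters, but one digit moved from the user id into the expiry,
# which pushes the expiry decades into the future.
SHIFTED = ("1234", "51560000000")

def concat_scheme_collides():
    return concat_signature(SERVER_SECRET, *ISSUED) == concat_signature(SERVER_SECRET, *SHIFTED)

def framed_scheme_collides():
    return framed_hmac_signature(SERVER_SECRET, *ISSUED) == framed_hmac_signature(SERVER_SECRET, *SHIFTED)

if __name__ == "__main__":
    print("undelimited hash collides:", concat_scheme_collides())  # True
    print("framed HMAC collides:", framed_scheme_collides())       # False
    sig = framed_hmac_signature(SERVER_SECRET, *ISSUED)
    print("shifted token accepted:", verify(SERVER_SECRET, SHIFTED, sig))  # False
```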
Created attachment 806745: Fix for CVE-2019-10136
SUSE-SU-2019:1790-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1102770,1136480 CVE References: CVE-2019-10136 Sources used: SUSE Manager Server 3.2 (src): release-notes-susemanager-3.2.9-6.35.1, spacewalk-backend-2.8.57.17-3.33.1, spacewalk-web-2.8.7.17-3.30.1 SUSE Manager Proxy 3.2 (src): release-notes-susemanager-proxy-3.2.9-0.16.27.1, spacewalk-backend-2.8.57.17-3.33.1, spacewalk-proxy-2.8.5.6-3.11.1, spacewalk-web-2.8.7.17-3.30.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1790-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1102770,1136476,1136480 CVE References: CVE-2019-10136,CVE-2019-10137 Sources used: SUSE Manager Server 3.2 (src): release-notes-susemanager-3.2.9-6.35.1, spacewalk-backend-2.8.57.17-3.33.1, spacewalk-web-2.8.7.17-3.30.1 SUSE Manager Proxy 3.2 (src): release-notes-susemanager-proxy-3.2.9-0.16.27.1, spacewalk-backend-2.8.57.17-3.33.1, spacewalk-proxy-2.8.5.6-3.11.1, spacewalk-web-2.8.7.17-3.30.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1789-1: An update that solves two vulnerabilities and has 7 fixes is now available. Category: security (moderate) Bug References: 1136476,1136480,1136561,1136857,1137955,1138313,1138358,1138364,1139693 CVE References: CVE-2019-10136,CVE-2019-10137 Sources used: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (src): spacewalk-backend-4.0.22-3.3.1, spacewalk-web-4.0.14-3.3.1, susemanager-doc-indexes-4.0-10.3.1, susemanager-docs_en-4.0-10.3.1, susemanager-sync-data-4.0.12-3.3.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (src): spacewalk-backend-4.0.22-3.3.1, spacewalk-proxy-4.0.12-3.3.1, spacewalk-web-4.0.14-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2019:1788-1: An update that has 9 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1136476,1136480,1136561,1136857,1137955,1138313,1138358,1138364,1139693 CVE References: Sources used: SUSE Manager Server 4.0 (src): release-notes-susemanager-4.0.1-3.14.1 SUSE Manager Retail Branch Server 4.0 (src): release-notes-susemanager-proxy-4.0.1-0.16.14.1 SUSE Manager Proxy 4.0 (src): release-notes-susemanager-proxy-4.0.1-0.16.14.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): release-notes-susemanager-4.0.1-3.14.1, release-notes-susemanager-proxy-4.0.1-0.16.14.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Shouldn't this be closed now?
SUSE-SU-2019:14163-1: An update that solves one vulnerability and has 19 fixes is now available. Category: security (moderate) Bug References: 1103696,1104034,1130040,1135881,1136029,1136480,1137715,1137940,1138313,1138358,1138494,1138822,1139453,1142038,1143856,1144155,1144889,1148125,1148177,1148311 CVE References: CVE-2019-10136 Sources used: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (src): mgr-cfg-4.0.9-5.6.3, mgr-daemon-4.0.7-5.8.2, mgr-osad-4.0.9-5.6.2, mgr-virtualization-4.0.8-5.8.3, rhnlib-4.0.11-12.16.1, spacecmd-4.0.14-18.51.1, spacewalk-backend-4.0.25-28.42.1, spacewalk-remote-utils-4.0.5-6.12.2 SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (src): mgr-cfg-4.0.9-5.6.3, mgr-daemon-4.0.7-5.8.2, mgr-osad-4.0.9-5.6.2, mgr-virtualization-4.0.8-5.8.3, rhnlib-4.0.11-12.16.1, spacecmd-4.0.14-18.51.1, spacewalk-backend-4.0.25-28.42.1, spacewalk-remote-utils-4.0.5-6.12.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2312-1: An update that solves one vulnerability and has 18 fixes is now available. Category: security (moderate) Bug References: 1130040,1135881,1136029,1136480,1136667,1137715,1137940,1138313,1138358,1138494,1138822,1139453,1142038,1143856,1144155,1144889,1148125,1148177,1148311 CVE References: CVE-2019-10136 Sources used: SUSE Manager Tools 12 (src): golang-github-prometheus-prometheus-2.11.1-1.6.2, kiwi-desc-saltboot-0.1.1564399963.cf19a13-1.12.1, mgr-cfg-4.0.9-1.6.4, mgr-daemon-4.0.7-1.8.2, mgr-osad-4.0.9-1.6.2, mgr-virtualization-4.0.8-1.8.3, rhnlib-4.0.11-21.16.1, spacecmd-4.0.14-38.49.1, spacewalk-backend-4.0.25-55.41.1, spacewalk-remote-utils-4.0.5-24.12.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2317-1: An update that solves one vulnerability and has 17 fixes is now available. Category: security (moderate) Bug References: 1130040,1135881,1136029,1136480,1137715,1137940,1138313,1138358,1138494,1138822,1139453,1142038,1143856,1144155,1144889,1148125,1148177,1148311 CVE References: CVE-2019-10136 Sources used: SUSE Manager Tools 15 (src): golang-github-prometheus-alertmanager-0.16.2-3.3.1, golang-github-prometheus-prometheus-2.11.1-3.6.2, mgr-cfg-4.0.9-1.6.5, mgr-daemon-4.0.7-1.8.1, mgr-osad-4.0.9-1.6.2, mgr-virtualization-4.0.8-1.8.4, rhnlib-4.0.11-3.10.1, spacecmd-4.0.14-3.26.1, spacewalk-backend-4.0.25-3.23.1, spacewalk-remote-utils-4.0.5-3.9.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): rhnlib-4.0.11-3.10.1, spacecmd-4.0.14-3.26.1, spacewalk-backend-4.0.25-3.23.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): golang-github-prometheus-alertmanager-0.16.2-3.3.1, golang-github-prometheus-prometheus-2.11.1-3.6.2, rhnlib-4.0.11-3.10.1, spacecmd-4.0.14-3.26.1, spacewalk-backend-4.0.25-3.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2019:3350-1: An update that has 154 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1104949,1109639,1111371,1113160,1116869,1118175,1122559,1130040,1131556,1132076,1133429,1134677,1134708,1134860,1135360,1135380,1135442,1136476,1136480,1136561,1136857,1136959,1137144,1137229,1137244,1137308,1137881,1137882,1137952,1137955,1137965,1138127,1138130,1138268,1138275,1138313,1138358,1138364,1138454,1138586,1138655,1138822,1139453,1139493,1139693,1140644,1141598,1141663,1142038,1142309,1142764,1142774,1143016,1143204,1143562,1143638,1143789,1143856,1144155,1144300,1144500,1144510,1144515,1144889,1145086,1145119,1145551,1145584,1145587,1145591,1145608,1145626,1145744,1145750,1145753,1145755,1145758,1145769,1145873,1146411,1146416,1146419,1146443,1146683,1146869,1147126,1148125,1148169,1148177,1148311,1148352,1148457,1148714,1149075,1149210,1149343,1149353,1149409,1149425,1149633,1149741,1150113,1150154,1150180,1150216,1150314,1150320,1150657,1150729,1151097,1151280,1151399,1151467,1151666,1151875,1151888,1152170,1152290,1152298,1152514,1152722,1152735,1153090,1153181,1153277,1153578,1153613,1154275,1154474,1154586,1154868,1154968,1155030,1155295,1155455,1155656,1155794,1155800,1155899,1156173,1156176,1156397,1156521,1156526,1156574,1157034,1157141,1157473,1158002,1158012,1158564,1158963,1159023,1159206 CVE References: Sources used: SUSE Manager Server 4.0 (src): release-notes-susemanager-4.0.4-3.35.1 SUSE Manager Retail Branch Server 4.0 (src): release-notes-susemanager-proxy-4.0.4-0.16.23.1 SUSE Manager Proxy 4.0 (src): release-notes-susemanager-proxy-4.0.4-0.16.23.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): release-notes-susemanager-4.0.4-3.35.1, release-notes-susemanager-proxy-4.0.4-0.16.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.