Security: Incorrect access permissions in Red Hat CloudForms
Name: Incorrect access permissions in Red Hat CloudForms
ID: RHSA-2018:0374-01
Distribution: Red Hat
Platforms: Red Hat CloudForms
Date: Wed, 28 February 2018, 16:47
References: https://access.redhat.com/security/cve/CVE-2017-12191
Applications: Red Hat CloudForms



Red Hat Security Advisory

Synopsis: Important: Red Hat CloudForms security, bug fix, and
enhancement update
Advisory ID: RHSA-2018:0374-01
Product: Red Hat CloudForms
Advisory URL: https://access.redhat.com/errata/RHSA-2018:0374
Issue date: 2018-02-28
Cross references: RHSA-2017:3005
CVE Names: CVE-2017-12191

1. Summary:

An update is now available for CloudForms Management Engine 5.8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.8 - noarch, x86_64

3. Description:

Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.

Ansible Tower helps you scale IT automation, manage complex deployments and
speed productivity. Centralize and control your IT infrastructure with a
visual dashboard, role-based access control, job scheduling, integrated
notifications and graphical inventory management. And Ansible Tower's REST
API and CLI make it easy to embed Ansible Tower into existing tools and

Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.

Security Fix(es):

* A flaw was found in the CloudForms account configuration when using
VMware. By default, a shared account is used that has privileged access to
VMRC (VMware Remote Console) functions. Those privileges are not necessarily
appropriate for CloudForms users, who effectively act through this shared
account when they open a console. An attacker could use this vulnerability to
view and change settings in the VMRC, and in the virtual machines it controls,
that they should not have access to.

This issue was discovered by Gellert Kis (Red Hat).
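The root cause above is a least-privilege failure: every user who reaches VMRC through the shared provider account inherits that account's vSphere privileges. The following Ruby script is an added example, not part of this advisory or of the CloudForms code base. It audits role exports for a provider account and flags privileges beyond a read-only baseline, singling out the console and device-interaction privileges that let a console user act on guests. The role exports are constructed for the example, the read-only baseline is an assumption (the advisory does not enumerate the exact privilege set CloudForms needs), and the vSphere privilege IDs are listed from memory of the vSphere privilege reference rather than taken from the advisory.

```ruby
# Added example: audit vSphere role exports for a shared provider account.
# Not CloudForms code; privilege IDs and the baseline are assumptions.
require 'json'
require 'set'

# ASSUMPTION: a read-only baseline is enough for inventory refresh.
# Replace with the provider role documented for your CloudForms release.
BASELINE_PRIVILEGES = Set.new(%w[
  System.Anonymous
  System.View
  System.Read
]).freeze

# vSphere privilege IDs that grant interactive console and device control.
# An account holding these exposes every guest to whoever can open VMRC
# through it, which is the situation CVE-2017-12191 describes.
CONSOLE_PRIVILEGES = Set.new(%w[
  VirtualMachine.Interact.ConsoleInteract
  VirtualMachine.Interact.DeviceConnection
  VirtualMachine.Interact.SetCDMedia
  VirtualMachine.Interact.SetFloppyMedia
  VirtualMachine.Interact.PowerOn
  VirtualMachine.Interact.PowerOff
  VirtualMachine.Interact.Reset
]).freeze

# Constructed role exports (not real vCenter output): one over-privileged
# shared account as described in the advisory, one least-privilege role.
ROLE_EXPORTS = JSON.parse(<<~JSON)
  [
    {"name": "cfme-shared-admin",
     "privileges": ["System.Anonymous", "System.View", "System.Read",
                    "VirtualMachine.Interact.ConsoleInteract",
                    "VirtualMachine.Interact.PowerOff",
                    "VirtualMachine.Interact.SetCDMedia",
                    "VirtualMachine.Config.Settings"]},
    {"name": "cfme-inventory-readonly",
     "privileges": ["System.Anonymous", "System.View", "System.Read"]}
  ]
JSON

# Report for one role: every privilege beyond the baseline, plus the subset
# that grants console or VM interaction. A role passes only when it holds
# nothing outside the baseline.
def audit_role(role, baseline = BASELINE_PRIVILEGES)
  held = Set.new(role['privileges'])
  excess = held - baseline
  console = held & CONSOLE_PRIVILEGES
  {
    name: role['name'],
    excess: excess.to_a.sort,
    console: console.to_a.sort,
    ok: excess.empty?
  }
end

def audit_all(exports = ROLE_EXPORTS)
  exports.map { |role| audit_role(role) }
end

def find_role(name, exports = ROLE_EXPORTS)
  exports.find { |role| role['name'] == name }
end

if $PROGRAM_NAME == __FILE__
  audit_all.each do |report|
    status = report[:ok] ? 'OK  ' : 'FAIL'
    puts "#{status} #{report[:name]}: excess=#{report[:excess].size} " \
         "console=#{report[:console].join(',')}"
  end
end
```

Run it against a real export by replacing ROLE_EXPORTS with the privileges of the account CloudForms uses for the VMware provider; any non-empty console list means a console opened through that account carries those rights regardless of the CloudForms user's own role.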

Additional Changes:

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Release Notes
document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:


If the postgresql service is running, it will be automatically restarted
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

1458929 - IE 11 on windows 7: On topology page entity icons are not displaying
1459190 - Block storage volume list configuration button attach/detach/delete
actions are not working
1460377 - Missing Paginator on miq_request/show_list
1460815 - Formatting of Provider summary PDF file generated from provider
summary page is very broken
1461164 - Attach/Detach volume to/from instance provides no flash message
1463422 - The 'Assigned Filters' setting in the Settings->Access
Control->Groups->[group name] only applies to 'Hosts & Clusters', and not the Network providers.
1478518 - CFME reports VM migration passed when it fails on RHV side
1478520 - VM Migrate doesn't create notifications or log messages when
migrations fail.
1479402 - [RFE] Support more Tower credential types
1479939 - Volumes: Get error while trying to edit cloud volume opened from
availability zone page
1479940 - Volumes: Get 'Button not yet implemented' while adding tag to
cloud volume opened from availability zone page
1481378 - Error provisioning VM, incompatible marshal file format
1481446 - Quota not using cloud volumes in requested resource calculation.
1487306 - Unable to perform any actions on cloud objects from list view when
navigated to cloud tenants
1489697 - Missing servers in alert profile assignment screen
1490416 - Unexpected error message while adding new Cloud Subnet
1496900 - appliance_console crash when setting up standby node with no route to
1496903 - Cockpit web console is not available for RHOS provider
1496904 - [AWS EBS] UI: "Configuration" for Cloud storage throws
"Button not yet implemented" in flash message
1496907 - Others rendered as <Other(13)> on Utilization page of
1496908 - [Embedded Ansible] Show "Red Cross" Icon in notification
instead of "Green Check Mark" if the Repo Addition is failed
1496909 - Duplicate flash msg at rates of chargeback
1496922 - Edit tags not working while navigating to instance through provider
1496925 - Custom Button does not display for Dashboard View of a Provider
1496930 - In block volume snapshot summary selecting volumes based on snapshot
results in exception
1496931 - [Azure]Empty IPv6 configuration blocks Refresh of Azure Network
1496932 - Refresh Failing - String Not Recognized Metric Type - OpenShift
1496936 - retiring parent service doesn't retire child service
1496937 - VM Migrate gets an error sending completion email.
1496939 - Clicking x button in search box doesn't remove the search
1496943 - No indication of which image is currently being scanned when
selecting multiple images
1496945 - UI elements not loading and reporting widgets not showing data points
1496947 - Service Retirements (which work correctly) result in two separate
emails to service owner
1496949 - Image SSA - image-inspector unable to pull image - pod_wait is not
permitted at state finished
1497209 - User unable to login when role permissions restricted to
1498506 - Wrong hover view after selecting Red Hat Insights in main navigation
1498511 - Hover view of main navigation disappearing for
1498516 - Wrong hover view after selecting Middleware/Domains in main
1498518 - Hover view of main navigation disappears after selecting
1498525 - Scroll bar not appearing when looking at notifications
1498542 - date dialogs with "Show Past Dates" unchecked still allow
selection of past dates
1498544 - Some Navigation menus are not highlighted
1498891 - Container Product Feature in a Role Required for VM Visibility Menu
1500029 - [RFE] widget import file; the page goes blank on custom report page
1500445 - WebMKS Console : Proxy Error
1500448 - WebMKS Console: Some Javascript Error
1500517 - CVE-2017-12191 CFME: VMRC plugin console grants users administrative
1500808 - UI: infinispinner appears when clicking on Add or cancel button of
copy report for Guest OS Information-any OS
1500954 - DetachVolume is missing in AWS EBS cloudwatch event catcher
1501475 - overwriting reports causes new runs of the report to not show data
for some columns
1501481 - Edit cloud instance:Show parent and child VMs details for cloud
instances too
1501524 - Ansible playbook service max TTL is always divisible by 100
1501897 - Container Providers -> Topology View raises 'capitalize'
1503611 - Toast notifications missing error icon
1503639 - RHV provider VM Quad icon page: VM power 'reset' option does
not fail as expected.
1504199 - RFE: Expose Disks in the ServiceModel through Hardware
1504775 - Wrong flash message displayed when import/commit widget
1505415 - Records with duplicate timestamp in metrics rollup table
1505456 - UI: PDF Download button is missing from the infra provider summary
page (it is displayed for cloud providers)
1505501 - [DOC] Cannot copy a built in OpenSCAP policy
1505503 - container group creation\deletion rates are miscalculated for
container projects
1505545 - HTML5 Console Does Not Display From SSUI/OPS UI VMWare
1505951 - Azure extra disk information of VM is not showing from CFME which
prevents Chargeback calculation for the usage.
1506624 - compute.instance.exists events
1509008 - Global Region Widget doesn't have data
1509024 - "Orders" should be "My Orders"
1509378 - Error messages disappear when clicked or text selected.
1509391 - [REGRESSION][AZURE]Can't provision VM from private image
1509414 - Missing notification type icons in the Notification Drawer
1509419 - Queue workers are frequently querying pg_backend_pid
1509423 - [ja_JP][fr_FR] ON/OFF button varies in size on 'Manage quotas for
1510054 - Do not purge session if there are no sessions
1510142 - Cannot omit Compute->Containers->Containers from RBAC role.
1510175 - managed disks are not removed as part of azure stack retirement
1510241 - Filters under Job Templates do not work properly
1510564 - error while syncing openstack tenants : failed to save the new
1510698 - chargeback filters selection issue
1511032 - VM retirement fails when using ovirt-engine SDK (V4)
1511125 - Unable to delete Cloud Network in Cloud Networks View
1511130 - CloudForms does not show region-level Utilization from
"Optimize" -> "Utilization" menu
1511135 - 'Optimize > Utilization' only shows a subset of providers
1511142 - Wrong units of net_usage_rate_average in containers metrics
1511144 - Cancellation of 'Create New Host Aggregate' with empty values
showing warning
1511147 - unable to scan lvm2 partitions that were thin provisioned under rhevm
1511196 - Typo or bug in openstack network_manager refresh parser.
1511502 - set_network_adapter method erroring out with undefined method
`[]' for nil:NilClass')]
1511517 - When provisioning an Ansible Embedded playbook, dialog's
service_name does not set the service name
1511528 - Group Filters: Selected host is deselected after group saving
1511548 - RHOS 12 tenants are not mapped to CFME
1511595 - Several broken associations in container-related service models
1512661 - [RFE] [v2v] There are unsupported v2v operations, that could have
been blocked at the v2v submit stage
1512665 - selection doesn't move along with added/copied Condition in
Control->Explorer->Policies treeview
1512667 - Network deletion provided with no flash message
1512694 - Inconsistency between filled name and name in accordion of Provision
1512695 - Unexpected error encountered while downloading pdf from configuration
1512706 - vmdb size constantly increasing 1+gb a day
1512728 - Azure - Disk properties missing or incorrect
1512955 - [v2v] Add a warning to user, in case trying to run v2v for windows
VM, without installing the required drivers
1512967 - Smartstate Analysis Snapshot of Azure Managed Disks fails with
"The value of parameter snapshot.name is invalid. (cause: 400 Bad Request) creating SSA Snapshot" if the disk name exceeds 60 characters.
1513124 - PG String Data Right Truncation error: Value too long for type
character varying(255)
1513509 - Region was offline - after a restart region has lost all data
1513699 - unable to provision against SCVMM with "VMM is unable to perform
this operation without a connection to a Virtual Machine Manager management server"
1514139 - Embedded ansible fails to start. Can't create credentials or add
1514184 - Chargeback report is not available after deleting linked task
1514570 - Changing cloud volumes in a service provisioning dialog still runs
with original value.
1515367 - Ops UI service catalog list view displays a cube icon rather than the
user's uploaded icon
1515402 - No flash message during duplicate class add.
1515407 - Inconsistency between customization template name and description
while deletion
1515416 - VMware WebMKS Console: Does not support CTRL+ALT+DEL Input
1515426 - Button 'Save' is always disabled on Edit Subnet Page
1515483 - Azure Smart State on Windows VM throwing error "undefined method
`[]' for nil:NilClass" in evm.log
1518357 - Container Image openSCAP compliance check doesn't respond for
several Images
1518368 - Duplicate Customization Template name doesn't show flash error
1518372 - [RFE] Service pane service/explorer Unexpected error encountered
1518374 - Quota - exclude orphaned VMs from used counts
1518383 - Unable to clone OSP template. Blank page displayed when clicked on
clone template
1518392 - Chargeback rate assignment page doesn't show duplicate clusters
1518600 - Element Name must be alphanumeric characters and underscores without
1519809 - setting certain types of filters can cause puma to consume all cpu
1519910 - Smart State Analysis doesn't show data in "Patches" and
"Registry Entries" etc for Windows VM.
1519915 - Mismatch between cloud volume table and details
1519987 - Logging of the server process memory/cpu (MiqServer.log_status) is
1520541 - Multiple cloud volumes can't be added in Catalog
1520557 - error "undefined method `[]=' for nil:NilClass" while
syncing against rhevm 3.6
1521036 - Azure NetworkManager refresh failure with "undefined method
`source_address_prefix'" error
1522951 - Re-enable Web Console button.
1523402 - Classification validation errors in seeding keep server from starting
1523404 - VMWare WebMKS consoles do not proxy sessions as VNC sessions do in
1523408 - C & U collection tab empty and fatal error appears in production
1523771 - Attempting to collect power status during retirement can cause
1523773 - policy profile doesn't get selected in Policy Profiles when
policy profile is clicked in one of timelines events
1523774 - Wrong project names on Ad Hoc metrics page cause to internal server
1523777 - Access Control: No option to 'Delete selected Groups' when
selecting multiple groups under Access Control EVM Groups
1523788 - Setting Start Page to Container/Explorer sets to URL to an invalid
1523851 - Azure Network Manager refreshes fail with 'undefined method
`[]' for nil:NilClass' when executing parse_load_balancer_pool_members
1523855 - Prevent scaling down with scale provider
1524646 - Backport cloud_subnet API collections to CloudForms
1525092 - long loading times of the self service portal dialogs
1525551 - Provision Error "A specified parameter was not correct: spec.
nicSettingMap.adapter.ip" under VMware after VM cloning from template.
1525563 - Drift analysis table shows double icons
1525583 - No event in timeline for the web console activity in RHV41
1526040 - Tagged Datastores in chargeback storage don't work
1526473 - Large MiqServer process leads to large generic workers that get
1527676 - SSUI: Error while adding to shopping cart: `Must specify a
service_template_href for adding a service_request`
1530653 - Unable to set control policies for Kubernetes Events from OpenShift
1530708 - No ESX 6.5 platform filter
1530717 - Empty page on Cloud Volume page
1531146 - configuration options are not correctly being logged into
last_boot.log and the evm.log
1531147 - Can't register RHSM or apply cfme updates through webui on IPV6
only appliance
1531156 - [RFE] VCloud provider log and debug option in adv config
1531161 - [Regression] Quota check for users errors out with "no implicit
conversion of nil into String" for service provisioning
1531177 - Got unexpected API result object Array
1531178 - Duplicate field called Type in Expression Field
1531256 - When provisioning an Azure instance and selecting NONE for the Public
IP Address option a public IP is still assigned.
1531261 - Could not determine root drive letter on Azure Windows 2016
Datacenter VM
1531262 - Can not delete schedules from schedules details page
1531274 - UI of Adding a new group page is different in en_US vs non en_US
1531554 - [Regression] C&U data can't be fetched for cloud providers
1531615 - C&U Host Graph: Drilling graph for VM with Group by some tag
gives unexpected error.
1531618 - C&U Availability Zone Graph: Drilling graph for Instances with
Group by some tag gives unexpected error.
1531619 - C&U Cluster Graph: Drilling graph for VM/ Host with Group by some
tag gives unexpected error.
1532328 - Authentication issue for api/automation_requests call to Master in
multi-region setup
1532854 - Smartstate request taking too long is killed because Worker
Monitoring Code incorrectly thinks the busy Smartproxy Worker is not responding
1532857 - custom reports not visible to group/role that could see them prior to
recent upgrade
1533167 - Unexpected error encountered while accessing policy event timeline in
availability zones
1533169 - WebMKS Console: Toggle Full Screen button does not work on Internet
Explorer 11
1533171 - [Regression] HTML5 Console: Toggle Full Screen button does not work
on Internet Explorer 11
1534584 - Cloudforms: Event VMDestroy_Task does not exists under event list
1534589 - Quota fails when an active Service request contains an Invalid
1534591 - Cannot start worker service (evmserverd)
1534601 - [Regression] VM console button is wrongly disabled based on VMware
Console Support Configuration from OPS UI
1536052 - Unable to browse VM Summary Screen with a NULL Custom Attribute name
1536672 - Memory Leak in MiqServer process
1537015 - [Embedded Ansible] - Credentials of SCM/Machine repository cannot be
1537145 - Edit tag page doesn't open for subnets and routers list opened
from network details
1537284 - When provisioning VM in Azure, errors do not appear in UI for certain
1538349 - [SCVMM] Destination placement_host_name not provided
1538350 - Tag: Restricted items can be selected in drop downs while
creation/editing, which cause unexpected error
1538351 - Can't retire stack from details view
1539752 - [RFE] Naming Runs Before Parsed Dialog: Dialog Options missing via
prov.get_tags or prov.get_option
1540699 - Selecting filter with "expression Service: Aggregate All Vm
Cpus" results in exception
1541072 - After Openstack 10 triggers an "unknown" state on instances,
when it recovers Cloudforms duplicates vms instead of recovering them
1542170 - chargeback assignment reset to <Nothing> if another container
provider is assigned a rate
1542240 - Change VMware console api detection from vCenter to ESXi Host
1542577 - VMs powered event on/off and vms powered off RSS links are broken
1542741 - Object store objects and containers are not synched to CFME UI and
swift manager refresh ends with errors
1543121 - service dialogs api calls create and edit inconsistency - cfme
1543150 - Smartstate Analysis greyed out on workers not in a provider zone
(webui zone)
1543172 - Quota - Active provisions calculations allow quota to be over

6. Package List:

CloudForms Management Engine 5.8:




These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from

7. References:


8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

