A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
History

Wed, 18 Dec 2024 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:8

Wed, 18 Dec 2024 08:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/a:redhat:enterprise_linux:8::realtime
cpe:/a:redhat:enterprise_linux:8::sap
cpe:/a:redhat:enterprise_linux:8::sap_hana
cpe:/o:redhat:enterprise_linux:8::baseos
References

Mon, 02 Dec 2024 08:00:00 +0000

Type Values Removed Values Added
References

Fri, 29 Nov 2024 05:30:00 +0000


Fri, 29 Nov 2024 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Extras Sap Els
Redhat rhel Extras Sap Hana Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::nfv
cpe:/a:redhat:enterprise_linux:9::realtime
cpe:/a:redhat:enterprise_linux:9::sap
cpe:/a:redhat:enterprise_linux:9::sap_hana
cpe:/a:redhat:rhel_extras_sap_els:7
cpe:/a:redhat:rhel_extras_sap_hana_els:7
cpe:/o:redhat:enterprise_linux:9::baseos
Vendors & Products Redhat rhel Extras Sap Els
Redhat rhel Extras Sap Hana Els

Wed, 27 Nov 2024 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
Redhat rhel Extras Rt Els
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_extras_rt_els:7
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
Redhat rhel Extras Rt Els
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 26 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::nfv
cpe:/a:redhat:enterprise_linux:9::realtime
cpe:/a:redhat:enterprise_linux:9::sap
cpe:/a:redhat:enterprise_linux:9::sap_hana
cpe:/a:redhat:rhel_extras_rt_els:7
cpe:/a:redhat:rhel_extras_sap_els:7
cpe:/a:redhat:rhel_extras_sap_hana_els:7
cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_els:7
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat rhel Els
Redhat rhel Extras Rt Els
Redhat rhel Extras Sap Els
Redhat rhel Extras Sap Hana Els
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
Redhat rhel Extras Rt Els
Redhat rhel Extras Sap Els
Redhat rhel Extras Sap Hana Els
CPEs cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:9
cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::nfv
cpe:/a:redhat:enterprise_linux:9::realtime
cpe:/a:redhat:enterprise_linux:9::sap
cpe:/a:redhat:enterprise_linux:9::sap_hana
cpe:/a:redhat:rhel_extras_rt_els:7
cpe:/a:redhat:rhel_extras_sap_els:7
cpe:/a:redhat:rhel_extras_sap_hana_els:7
cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
Redhat rhel Extras Rt Els
Redhat rhel Extras Sap Els
Redhat rhel Extras Sap Hana Els
References

Tue, 26 Nov 2024 15:30:00 +0000

Type Values Removed Values Added
Description A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
Title Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-20
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:7::fastdatapath
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:8::fastdatapath
cpe:/o:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9::fastdatapath
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-11-26T15:21:17.538Z

Updated: 2024-12-18T08:34:18.827Z

Reserved: 2024-11-08T13:09:39.005Z

Link: CVE-2024-52337

cve-icon Vulnrichment

Updated: 2024-11-29T04:33:54.110Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-26T16:15:17.717

Modified: 2024-12-18T09:15:06.843

Link: CVE-2024-52337

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-11-26T12:00:00Z

Links: CVE-2024-52337 - Bugzilla