Red Hat Satellite rubyipmi Gem Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in the rubyipmi gem, which is used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with permission to create or update hosts can exploit it by sending a crafted username to the BMC interface. The vulnerability affects rubyipmi versions through 0.12.1.
Impact
Exploitation of this vulnerability allows for remote code execution on the system where Red Hat Satellite is running.
Reproduction
To reproduce this vulnerability, deploy Red Hat Satellite with the BMC component enabled and configured to use 'ipmitool' as the IPMI implementation. Once this setup is complete, an authenticated user with host creation or update permissions can create or edit a host by entering a malicious username for the BMC interface. After saving the changes, the Foreman UI will fetch the BMC status, at which point the crafted username can be used to execute arbitrary commands on the server.
Remediation
Users can switch the BMC IPMI implementation to 'freeipmi' or apply the patch that is available for this vulnerability.
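The class of flaw described above, shown as an added example that is not rubyipmi's or Red Hat's code: it assumes the username reaches the IPMI command line through a shell string, and contrasts that with argv-style execution plus an allow-list check. `echo` stands in for ipmitool so the example runs offline; the method names, the username pattern and the sample inputs are constructed for illustration.

```ruby
require "open3"

# Added illustration, not rubyipmi's code. `echo` stands in for ipmitool so
# the example runs offline; all method names here are hypothetical.
STAND_IN = "echo"

# Unsafe pattern: the username is interpolated into a single string. Ruby
# passes such a string to /bin/sh when it contains shell metacharacters,
# so the shell, not the tool, decides where the command ends.
def status_via_shell_string(host, user)
  out, _status = Open3.capture2("#{STAND_IN} -H #{host} -U #{user} power status")
  out
end

# Hardened pattern: every argument is its own argv element and no shell is
# involved, so metacharacters in the username remain literal data.
def status_via_argv(host, user)
  out, _status = Open3.capture2(STAND_IN, "-H", host, "-U", user, "power", "status")
  out
end

# Defense in depth: allow-list validation before the value is stored or used.
# The character set and length limit are assumptions; adjust to your BMCs.
USERNAME_RE = /\A[A-Za-z0-9._@-]{1,32}\z/

def valid_bmc_username?(user)
  user.is_a?(String) && USERNAME_RE.match?(user)
end

# Constructed sample inputs (192.0.2.10 is a documentation address).
SAMPLE_HOST = "192.0.2.10"
BENIGN      = "admin"
CRAFTED     = "admin; echo INJECTED"

if __FILE__ == $PROGRAM_NAME
  [BENIGN, CRAFTED].each do |user|
    puts "username: #{user.inspect} (passes allow-list: #{valid_bmc_username?(user)})"
    puts "  shell string -> #{status_via_shell_string(SAMPLE_HOST, user).inspect}"
    puts "  argv array   -> #{status_via_argv(SAMPLE_HOST, user).inspect}"
  end
end
```

With the shell-string form the crafted value yields two output lines, meaning a second command ran; with the argv form the same value comes back as a single literal argument.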
