PT-2018-4346 · Red Hat · Red Hat Network Client Tools+2

Jan Bee

·

Published

2018-04-12

·

Updated

2019-04-22

·

CVE-2015-1777

CVSS v3.1

5.9

Medium

Vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Red Hat Network Client Tools versions on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7
Description: The issue is in the rhnreg_ks component of Red Hat Network Client Tools, which fails to properly validate hostnames in X.509 certificates from SSL servers. A remote attacker in a man-in-the-middle position can use this to prevent system registration.
Recommendations: For Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7, update the Red Hat Network Client Tools to a version that properly validates hostnames in X.509 certificates. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation


Weakness Enumeration

Related identifiers

CVE-2015-1777

Affected products

Red Hat
Red Hat Gluster Storage
Red Hat Network Client Tools