Rapid7 Vulnerability & Exploit Database

RHSA-2007:0868: Red Hat Network Satellite Server security update

Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published: 08/30/2007
Created: 07/25/2018
Added: 03/10/2008
Modified: 07/04/2017

Description

Red Hat Network Satellite Server version 5.0.1 is now available which fixes a security issue in version 5.0.0. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

During an internal code audit, a flaw was found in an unused back-end XMLRPC handler first added to Red Hat Network Satellite Server 5.0.0. A remote attacker with valid authentication credentials who was able to connect to a Satellite Server could use this flaw to execute arbitrary code on the server as the 'apache' user. (CVE-2007-4132)

Users of Red Hat Network Satellite Server 5.0.0 are advised to upgrade to 5.0.1 which removes the unused, vulnerable handler.

Note: This issue did not affect the hosted version of Red Hat Network or versions of Red Hat Network Satellite Server prior to 5.0.0.

Solution(s)

  • redhat-upgrade-rhns
  • redhat-upgrade-rhns-app
  • redhat-upgrade-rhns-applet
  • redhat-upgrade-rhns-config-files
  • redhat-upgrade-rhns-config-files-common
  • redhat-upgrade-rhns-config-files-tool
  • redhat-upgrade-rhns-package-push-server
  • redhat-upgrade-rhns-satellite-tools
  • redhat-upgrade-rhns-server
  • redhat-upgrade-rhns-sql
  • redhat-upgrade-rhns-xml-export-libs
  • redhat-upgrade-rhns-xmlrpc
  • redhat-upgrade-rhns-xp
