Red Hat Network Satellite Server version 5.0.1 is now available and fixes a security issue in version 5.0.0. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
During an internal code audit, a flaw was found in an unused back-end XMLRPC handler first added to Red Hat Network Satellite Server 5.0.0. A remote attacker with valid authentication credentials who was able to connect to a Satellite Server could use this flaw to execute arbitrary code on the server as the 'apache' user (CVE-2007-4132).
Users of Red Hat Network Satellite Server 5.0.0 are advised to upgrade to 5.0.1, which removes the unused, vulnerable handler.
Note: This issue did not affect the hosted version of Red Hat Network or versions of Red Hat Network Satellite Server prior to 5.0.0.