RHEL 4 : Satellite Server (RHSA-2007:0868)

medium Nessus Plugin ID 43833

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Red Hat Network Satellite Server version 5.0.1 is now available, which fixes a security issue in version 5.0.0.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

During an internal code audit, a flaw was found in an unused back-end XMLRPC handler first added to Red Hat Network Satellite Server 5.0.0. A remote attacker with valid authentication credentials who was able to connect to a Satellite Server could use this flaw to execute arbitrary code on the server as the 'apache' user. (CVE-2007-4132)

Users of Red Hat Network Satellite Server 5.0.0 are advised to upgrade to 5.0.1, which removes the unused, vulnerable handler.

Note: This issue did not affect the hosted version of Red Hat Network or versions of Red Hat Network Satellite Server prior to 5.0.0.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2007-4132

https://access.redhat.com/errata/RHSA-2007:0868

Plugin Details

Severity: Medium

ID: 43833

File Name: redhat-RHSA-2007-0868.nasl

Version: 1.20

Type: local

Agent: unix

Published: 1/10/2010

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:rhns-xp, cpe:/o:redhat:enterprise_linux:4, p-cpe:/a:redhat:enterprise_linux:rhns, p-cpe:/a:redhat:enterprise_linux:rhns-app, p-cpe:/a:redhat:enterprise_linux:rhns-applet, p-cpe:/a:redhat:enterprise_linux:rhns-config-files, p-cpe:/a:redhat:enterprise_linux:rhns-config-files-common, p-cpe:/a:redhat:enterprise_linux:rhns-config-files-tool, p-cpe:/a:redhat:enterprise_linux:rhns-package-push-server, p-cpe:/a:redhat:enterprise_linux:rhns-satellite-tools, p-cpe:/a:redhat:enterprise_linux:rhns-server, p-cpe:/a:redhat:enterprise_linux:rhns-sql, p-cpe:/a:redhat:enterprise_linux:rhns-xml-export-libs, p-cpe:/a:redhat:enterprise_linux:rhns-xmlrpc

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 8/29/2007

Vulnerability Publication Date: 8/30/2007

Reference Information

CVE: CVE-2007-4132

RHSA: 2007:0868