Bug 149456

Summary: rhnmd configuration is insecure
Product: Red Hat Satellite 5 Reporter: Wayne Pascoe <redhat>
Component: ServerAssignee: Nick Hansen <nhansen>
Status: CLOSED CURRENTRELEASE QA Contact: Vlady Zlatkin <vzlatkin>
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: dmcgrath, rhn-bugs
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-04-08 16:39:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 145824    

Description Wayne Pascoe 2005-02-23 10:23:10 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Description of problem:
rhnmd configuration file (/opt/nocpulse/etc/rhnmd_config) allows fallback to SSH protocol version 1 due to the line
Protocol 2,1

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
cat /opt/nocpulse/etc/rhnmd_config
  

Actual Results:  You see 
Protocol 2,1

Expected Results:  You should see
Protocol 2

Additional info:
Comment 2 Nick Hansen 2005-03-02 21:54:11 UTC 
Wayne, thanks for the bug report and good catch. The fix for this should be
available in the next version of the rhnmd pacakge that we push to the tools
channel, which should happen sometime around 3/15.
Comment 5 Vlady Zlatkin 2005-03-04 21:20:19 UTC 
verified
Comment 6 Todd Warner 2005-04-08 16:39:54 UTC 
mass move: PROD_READY --> CLOSED:CURRENTRELEASE