Bug 529483 (CVE-2009-4139)

Summary: CVE-2009-4139 RHN Satellite / Spacewalk: CSRF in all web portal forms
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact: Jiri Kastner <jkastner>
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: atangrin, christian.johansson, cperry, dgoodwin, henrik, jesusr, jkastner, jpazdziora, jrenner, jsherril, mjc, mmraka, msuchy, mzazrivec, security-response-team, thomas, tlestach, vdanen, xdmoon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: spacewalk-java-1.2.39-85.el*sat Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-02 16:23:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 693796    
Bug Blocks: 622406    

Description Jan Lieskovsky 2009-10-17 13:25:40 UTC 
It was found that Red Hat Network (RHN) Satellite and Spacewalk services did
not protect against Cross-Site Request Forgery (CSRF) attacks. If an
authenticated RHN Satellite or Spacewalk service user visited a specially-
crafted web page, it could lead to unauthorized command execution with the
privileges of that user, for example, creating a new user account, granting
administrator privileges to user accounts, disabling the account of the current
user, and so on. 

Acknowledgements:

Red Hat would like to thank Christian Johansson of Bitsec AB and Thomas Biege of the SUSE Security Team for independently reporting this issue.
Comment 47 Jan Lieskovsky 2011-06-16 12:52:08 UTC 
This issue affects the versions of the spacewalk-java package, as shipped
with Red Hat Network Satellite Server version 5.3.0, and 5.4.0.
Comment 48 Jan Lieskovsky 2011-06-16 12:54:49 UTC 
Statement:

Vulnerable. This issue has been addressed in Red Hat Network Satellite Server v 5.4.1 via RHSA-2011:0879 https://rhn.redhat.com/errata/RHSA-2011-0879.html. This issue is not planned to be fixed in Red Hat Network Satellite Server version 5.3.0.
Comment 50 errata-xmlrpc 2011-06-16 19:01:15 UTC 
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2011:0879 https://rhn.redhat.com/errata/RHSA-2011-0879.html
Comment 51 Jan Lieskovsky 2013-08-02 16:21:26 UTC 
Spacewalk commit:
  https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=86afbf7c8bec544f44c9e9a65fad453422389cfe