A session fixation flaw was found in the way Red Hat
Network (RHN) Satellite and Spacewalk services handled
session cookies. An RHN Satellite or Spacewalk Server
user able to pre-set the session cookie in a victim's
browser to a valid value could use this flaw to hijack
the victim's session after the next log in.
Red Hat would like to thank Thomas Biege of the SuSE Security Team
for reporting this issue.
The CVE identifier of CVE-2011-0717 has been assigned to this issue.
This issue has been addressed in following products:
Red Hat Network Satellite Server v 5.4
Via RHSA-2011:0300 https://rhn.redhat.com/errata/RHSA-2011-0300.html
Created spacewalk-backend tracking bugs for this issue
Affects: fedora-all [bug 679887]