Bug 800688 - (CVE-2012-1145) CVE-2012-1145 satellite: remote package upload without authorization
CVE-2012-1145 satellite: remote package upload without authorization
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
Jan Hutař
: Security
Depends On: 791231 802834 808187 824038
Blocks: 800691
  Show dependency treegraph
Reported: 2012-03-06 18:17 EST by Vincent Danen
Modified: 2012-09-21 05:59 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-09-21 05:59:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2012-03-06 18:17:36 EST
It was discovered that a remote attacker was able to upload a package to a Spacewalk/Satellite NULL organization without any authorization or authentication.  A NULL organization is one to which packages synced from Red Hat Network Hosted land.  Although an attacker is not able to put packages into an arbitrary channel, he could upload several packages and fill up the /var partition with such files.  While these packages are not copied to legitimate channels and would not be downloaded by client systems, a full partition would prevent the downloading of new legitimate packages, which may include security fixes.  These packages would then be unavailable to client systems.
Comment 15 Vincent Danen 2012-03-29 14:28:35 EDT

This vulnerability only applies to RHN Satellite 5.4 when running on Red Hat Enterprise Linux 6 under mod_wsgi.  As the code uses mod_python when performing these checks on Red Hat Enterprise Linux 5, that version is not vulnerable to this flaw.
Comment 16 errata-xmlrpc 2012-03-29 14:34:22 EDT
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2012:0436 https://rhn.redhat.com/errata/RHSA-2012-0436.html
Comment 17 Vincent Danen 2012-03-29 14:49:40 EDT
Created spacewalk-backend tracking bugs for this issue

Affects: fedora-all [bug 808187]
Comment 18 Jan Pazdziora 2012-03-30 10:02:24 EDT
Fixed in Spacewalk master, bd7ad3667f2388ae9929d1dfc03c49545e17384c. Tagged as spacewalk-backend-1.8.9-1.

Note You need to log in before you can comment on or make changes to this bug.