CVE-2012-1145

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-1145 at MITRE

Description

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 751837

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Manager Proxy 1.2 for SLE 11 SP1	`nocpulse-common >= 2.1.19-0.12.1` `osad >= 5.9.44-0.16.2` `spacewalk-backend >= 1.2.74-0.50.3` `spacewalk-backend-libs >= 1.2.74-0.50.3` `spacewalk-client-repository >= 0.1-0.5.196` `spacewalk-client-repository-sle-10-3 >= 0.1-0.7.2` `spacewalk-client-repository-sle-10-4 >= 0.1-0.7.2` `spacewalk-client-repository-sle-11-1 >= 0.1-0.5.196` `spacewalk-proxy-broker >= 1.2.15-0.13.2` `spacewalk-proxy-common >= 1.2.15-0.13.2` `spacewalk-proxy-management >= 1.2.15-0.13.2` `spacewalk-proxy-package-manager >= 1.2.15-0.13.2` `spacewalk-proxy-redirect >= 1.2.15-0.13.2`	Builds SAT Patch Nr: 6101
SUSE Manager Client Tools for RES 4	`osad >= 5.9.44-0.17.1` `spacewalk-backend-libs >= 1.2.74-0.51.1`
SUSE Manager 1.2 for SLE 11 SP1	`nocpulse-common >= 2.1.19-0.12.3` `osa-dispatcher >= 5.9.44-0.16.3` `simple-xml >= 2.6.2-0.5.4` `spacewalk-backend >= 1.2.74-0.52.1` `spacewalk-backend-app >= 1.2.74-0.52.1` `spacewalk-backend-applet >= 1.2.74-0.52.1` `spacewalk-backend-config-files >= 1.2.74-0.52.1` `spacewalk-backend-config-files-common >= 1.2.74-0.52.1` `spacewalk-backend-config-files-tool >= 1.2.74-0.52.1` `spacewalk-backend-iss >= 1.2.74-0.52.1` `spacewalk-backend-iss-export >= 1.2.74-0.52.1` `spacewalk-backend-libs >= 1.2.74-0.52.1` `spacewalk-backend-package-push-server >= 1.2.74-0.52.1` `spacewalk-backend-server >= 1.2.74-0.52.1` `spacewalk-backend-sql >= 1.2.74-0.52.1` `spacewalk-backend-sql-oracle >= 1.2.74-0.52.1` `spacewalk-backend-tools >= 1.2.74-0.52.1` `spacewalk-backend-xml-export-libs >= 1.2.74-0.52.1` `spacewalk-backend-xmlrpc >= 1.2.74-0.52.1` `spacewalk-backend-xp >= 1.2.74-0.52.1` `spacewalk-base >= 1.2.31-0.37.3` `spacewalk-base-minimal >= 1.2.31-0.37.3` `spacewalk-branding >= 1.2.2-0.22.4` `spacewalk-client-repository >= 0.1-0.5.209` `spacewalk-client-repository-sle-10-3 >= 0.1-0.7.2` `spacewalk-client-repository-sle-10-4 >= 0.1-0.7.2` `spacewalk-client-repository-sle-11-1 >= 0.1-0.5.209` `spacewalk-dobby >= 1.2.31-0.37.3` `spacewalk-grail >= 1.2.31-0.37.3` `spacewalk-html >= 1.2.31-0.37.3` `spacewalk-java >= 1.2.115-0.56.5` `spacewalk-java-config >= 1.2.115-0.56.5` `spacewalk-java-lib >= 1.2.115-0.56.5` `spacewalk-java-oracle >= 1.2.115-0.56.5` `spacewalk-pxt >= 1.2.31-0.37.3` `spacewalk-sniglets >= 1.2.31-0.37.3` `spacewalk-taskomatic >= 1.2.115-0.56.5` `susemanager-schema >= 1.2.74-0.3.3` `susestudio-java-client >= 0.1.2-0.3.4`	Builds SAT Patch Nr: 6141
SLE CLIENT TOOLS 10 for PPC SLE CLIENT TOOLS 10 for ia64 SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64	`libzypp >= 6.37.7-0.5.1` `osad >= 5.9.44-0.7.1` `satsolver-tools >= 0.14.20-0.5.1` `spacewalk-backend-libs >= 1.2.74-0.15.1` `zypp-plugin-spacewalk >= 0.6-0.5.1` `zypper >= 1.3.18-0.5.1`	Builds ZYPP Patch Nr: 8051
SUSE Manager Client Tools for RES 5	`osad >= 5.9.44-0.17.1` `rhn-virtualization-common >= 5.4.15-0.12.1` `rhn-virtualization-host >= 5.4.15-0.12.1` `spacewalk-backend-libs >= 1.2.74-0.51.1`

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy