CVE-2012-1145

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-1145 at MITRE

Description

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 751837

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Manager Proxy 1.2 for SLE 11 SP1
  • nocpulse-common >= 2.1.19-0.12.1
  • osad >= 5.9.44-0.16.2
  • spacewalk-backend >= 1.2.74-0.50.3
  • spacewalk-backend-libs >= 1.2.74-0.50.3
  • spacewalk-client-repository >= 0.1-0.5.196
  • spacewalk-client-repository-sle-10-3 >= 0.1-0.7.2
  • spacewalk-client-repository-sle-10-4 >= 0.1-0.7.2
  • spacewalk-client-repository-sle-11-1 >= 0.1-0.5.196
  • spacewalk-proxy-broker >= 1.2.15-0.13.2
  • spacewalk-proxy-common >= 1.2.15-0.13.2
  • spacewalk-proxy-management >= 1.2.15-0.13.2
  • spacewalk-proxy-package-manager >= 1.2.15-0.13.2
  • spacewalk-proxy-redirect >= 1.2.15-0.13.2
References: Builds, SAT Patch Nr: 6101
SUSE Manager Client Tools for RES 4
  • osad >= 5.9.44-0.17.1
  • spacewalk-backend-libs >= 1.2.74-0.51.1
SUSE Manager 1.2 for SLE 11 SP1
  • nocpulse-common >= 2.1.19-0.12.3
  • osa-dispatcher >= 5.9.44-0.16.3
  • simple-xml >= 2.6.2-0.5.4
  • spacewalk-backend >= 1.2.74-0.52.1
  • spacewalk-backend-app >= 1.2.74-0.52.1
  • spacewalk-backend-applet >= 1.2.74-0.52.1
  • spacewalk-backend-config-files >= 1.2.74-0.52.1
  • spacewalk-backend-config-files-common >= 1.2.74-0.52.1
  • spacewalk-backend-config-files-tool >= 1.2.74-0.52.1
  • spacewalk-backend-iss >= 1.2.74-0.52.1
  • spacewalk-backend-iss-export >= 1.2.74-0.52.1
  • spacewalk-backend-libs >= 1.2.74-0.52.1
  • spacewalk-backend-package-push-server >= 1.2.74-0.52.1
  • spacewalk-backend-server >= 1.2.74-0.52.1
  • spacewalk-backend-sql >= 1.2.74-0.52.1
  • spacewalk-backend-sql-oracle >= 1.2.74-0.52.1
  • spacewalk-backend-tools >= 1.2.74-0.52.1
  • spacewalk-backend-xml-export-libs >= 1.2.74-0.52.1
  • spacewalk-backend-xmlrpc >= 1.2.74-0.52.1
  • spacewalk-backend-xp >= 1.2.74-0.52.1
  • spacewalk-base >= 1.2.31-0.37.3
  • spacewalk-base-minimal >= 1.2.31-0.37.3
  • spacewalk-branding >= 1.2.2-0.22.4
  • spacewalk-client-repository >= 0.1-0.5.209
  • spacewalk-client-repository-sle-10-3 >= 0.1-0.7.2
  • spacewalk-client-repository-sle-10-4 >= 0.1-0.7.2
  • spacewalk-client-repository-sle-11-1 >= 0.1-0.5.209
  • spacewalk-dobby >= 1.2.31-0.37.3
  • spacewalk-grail >= 1.2.31-0.37.3
  • spacewalk-html >= 1.2.31-0.37.3
  • spacewalk-java >= 1.2.115-0.56.5
  • spacewalk-java-config >= 1.2.115-0.56.5
  • spacewalk-java-lib >= 1.2.115-0.56.5
  • spacewalk-java-oracle >= 1.2.115-0.56.5
  • spacewalk-pxt >= 1.2.31-0.37.3
  • spacewalk-sniglets >= 1.2.31-0.37.3
  • spacewalk-taskomatic >= 1.2.115-0.56.5
  • susemanager-schema >= 1.2.74-0.3.3
  • susestudio-java-client >= 0.1.2-0.3.4
References: Builds, SAT Patch Nr: 6141
SLE CLIENT TOOLS 10 for PPC
SLE CLIENT TOOLS 10 for ia64
SLE CLIENT TOOLS 10 for s390x
SLE CLIENT TOOLS 10 for x86
SLE CLIENT TOOLS 10 for x86_64
  • libzypp >= 6.37.7-0.5.1
  • osad >= 5.9.44-0.7.1
  • satsolver-tools >= 0.14.20-0.5.1
  • spacewalk-backend-libs >= 1.2.74-0.15.1
  • zypp-plugin-spacewalk >= 0.6-0.5.1
  • zypper >= 1.3.18-0.5.1
References: Builds, ZYPP Patch Nr: 8051
SUSE Manager Client Tools for RES 5
  • osad >= 5.9.44-0.17.1
  • rhn-virtualization-common >= 5.4.15-0.12.1
  • rhn-virtualization-host >= 5.4.15-0.12.1
  • spacewalk-backend-libs >= 1.2.74-0.51.1

© 2014 Novell