Vulnerability Name:

CVE-2012-1145 (CCN-74498)

Assigned:2012-03-29
Published:2012-03-29
Updated:2022-02-03
Summary:spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-287
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2012-1145

Source: CCN
Type: RHSA-2012-0436
Moderate: Red Hat Network Satellite spacewalk-backend security update

Source: REDHAT
Type: Vendor Advisory
RHSA-2012:0436

Source: CCN
Type: SA48664
Red Hat Network Satellite NULL Organization Package Upload Security Bypass Vulnerability

Source: SECUNIA
Type: Broken Link
48664

Source: OSVDB
Type: Broken Link
81481

Source: CCN
Type: OSVDB ID: 81481
Red Hat Network Satellite NULL Organization Disk Space Consumption Update Prevention Weakness

Source: BID
Type: Third Party Advisory, VDB Entry
52832

Source: CCN
Type: BID-52832
Red Hat Network Satellite Server NULL Organization Package Upload Security Bypass Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1026873

Source: XF
Type: Third Party Advisory, VDB Entry
network-satellite-null-sec-bypass(74498)

Source: XF
Type: UNKNOWN
network-satellite-null-sec-bypass(74498)

Source: CCN
Type: RHSA-2012:0436-1
Moderate: Red Hat Network Satellite spacewalk-backend security update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:redhat:satellite:5.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:redhat:network_satellite:5.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    redhat satellite 5.4
    redhat enterprise linux 6.0
    redhat network satellite 5.4
    redhat enterprise linux 5