CVE-2012-1145

Summary

CVE	CVE-2012-1145
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2012-06-16 00:55:00 UTC
Updated	2022-02-03 20:00:00 UTC
Description	spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.

Risk And Classification

Problem Types: CWE-287

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Redhat	Enterprise Linux	6.0	All	All	All
Application	Redhat	Satellite	5.4	All	All	All
Operating System	Red Hat	Enterprise Linux	6	All	All	All
Operating System	Red Hat	Enterprise Linux	6	All	All	All
Application	Red Hat	Network Satellite	5.4	All	All	All
Application	Red Hat	Network Satellite	5.4	All	All	All

References

Reference	Source	Link	Tags
Red Hat Customer Portal	REDHAT	rhn.redhat.com	Vendor Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Red Hat Network Satellite Server spacewalk-backend Lets Remote Users Deny Service - SecurityTracker	SECTRACK	www.securitytracker.com
Red Hat Network Satellite Server NULL Organization Package Upload Security Bypass Vulnerability	BID	www.securityfocus.com
Security Advisory SA48664 - Red Hat Network Satellite NULL Organization Package Upload Security Bypass Vulnerability - Secunia	SECUNIA	secunia.com	Vendor Advisory
81481	OSVDB	www.osvdb.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.