Red Hat Network Satellite Server XMLRPC Remote Code Execution Vulnerability

Bugtraq ID:	25490
Class:	Unknown
CVE:	CVE-2007-4132
Remote:	Yes
Local:	No
Published:	Aug 30 2007 12:00AM
Updated:	Sep 05 2007 07:31PM
Credit:	The vendor discovered this issue in an internal code audit.
Vulnerable:	Redhat Red Hat Network Satellite Server 5.0
Not Vulnerable:	Redhat Red Hat Network Satellite Server 5.0.1

Red Hat Network Satellite Server XMLRPC Remote Code Execution Vulnerability

Red Hat Network Satellite Server is prone to a remote code-execution vulnerability. Successful authentication to the Satellite Server is required to exploit this issue.

A remote attacker can exploit this issue to execute arbitrary code with 'apache' user privileges, resulting in the compromise of affected computers.

Red Hat Network Satellite Server 5.0.0 is vulnerable.

Red Hat Network Satellite Server XMLRPC Remote Code Execution Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Red Hat Network Satellite Server XMLRPC Remote Code Execution Vulnerability

Solution:
The vendor released an advisory along with Network Satellite Server 5.0.1 to address this issue. Please see the references for more information.

Red Hat Network Satellite Server XMLRPC Remote Code Execution Vulnerability

References:

• About RHN (Red Hat)
  
• Bugzilla Bug 253239: CVE-2007-4132 RHN Satellite xmlrpc flaw (Red Hat)
  
• RHSA-2007:0868-2: Red Hat Network Satellite Server security update (Red Hat)