Red Hat Network Satellite Server 'manzier.pxt' User Information Disclosure Vulnerability

Bugtraq ID:	30679
Class:	Design Error
CVE:	CVE-2008-2369
Remote:	Yes
Local:	No
Published:	Aug 13 2008 12:00AM
Updated:	Aug 26 2008 09:44PM
Credit:	Red Hat disclosed this issue.
Vulnerable:	Redhat Network Satellite (for RHEL 4) 5.1
Not Vulnerable:

Red Hat Network Satellite Server 'manzier.pxt' User Information Disclosure Vulnerability

Red Hat Network Satellite Server is prone to an information-disclosure vulnerability because it ships with a hard-coded authentication key.

Successfully exploiting this issue may allow attackers to obtain sensitive information about Satellite Server users. Information harvested may aid in further attacks.

Red Hat Network Satellite Server 'manzier.pxt' User Information Disclosure Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Red Hat Network Satellite Server 'manzier.pxt' User Information Disclosure Vulnerability

Solution:
The vendor released an advisory and updates. Please see the references for more information.

Red Hat Network Satellite Server 'manzier.pxt' User Information Disclosure Vulnerability

References:

• About RHN (Red Hat)
  
• Bugzilla Bug 452462: CVE-2008-2369 RHN Satellite: information disclosure via man (Red Hat)
  
• RHSA-2008:0630-3 Low: Red Hat Network Satellite Server security update (Red Hat)