medium
6
CWE
20
Advisory Published
CVE Published
CVE Published
Updated

CVE-2010-2236: Input Validation

First published: Thu Jun 24 2010(Updated: )

An improper input sanitization flaw was found in the way Red Hat Network Satellite performed management of monitoring probes. A remote, authenticated attacker, with the privilege to administer monitoring probes, could execute arbitrary code with the privileges of the user, the Red Hat Network Satellite monitoring service is running under, by providing a specially-crafted values for certain options of the monitoring probe display. References: For further information about Red Hat Network Satellite monitoring entitlements and management of monitoring probes, please refer to the reference guide of your Red Hat Network Satellite installation.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Red Hat Spacewalk<=2.1.147-1
Red Hat Network Proxy=5.3
Red Hat Satellite=5.3
Red Hat Satellite=5.2
Red Hat Satellite=5.1
Red Hat Satellite=4.2
Red Hat Satellite=4.1
Red Hat Satellite=4.0
=5.3
=4.0
=4.1
=4.2
=5.1
=5.2
=5.3
<=2.1.147-1

Remedy

https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f

Remedy

https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2010-2236?

    CVE-2010-2236 has been classified as having a moderate severity due to the potential for remote code execution by authenticated attackers.

  • How do I fix CVE-2010-2236?

    To remediate CVE-2010-2236, upgrade to the latest patched version of Red Hat Satellite or associated products that address this vulnerability.

  • Who is affected by CVE-2010-2236?

    CVE-2010-2236 affects users of Red Hat Satellite, Network Proxy, and Spacewalk Java, specifically in the specified vulnerable versions.

  • What action can an attacker perform due to CVE-2010-2236?

    An attacker exploiting CVE-2010-2236 can execute arbitrary code with the privileges of the Red Hat Network Satellite user.

  • What type of vulnerability is CVE-2010-2236?

    CVE-2010-2236 represents an improper input sanitization vulnerability that allows for arbitrary code execution.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203