CVE-2013-4480
First published: Wed Oct 30 2013(Updated: )
It was found that the web interface provided by Red Hat Satellite to create the initial administrator user was not disabled after the initial user was created. A remote attacker could use this flaw to create an administrator user with credentials they specify. This user could then be used to assume control of the Satellite server.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Satellite | <=5.6 | |
| redhat satellite | <=5.6 | |
| Red Hat Satellite with Embedded Oracle | =5.2 | |
| Red Hat Satellite with Embedded Oracle | =5.3 | |
| Red Hat Satellite with Embedded Oracle | =5.4 | |
| Red Hat Satellite with Embedded Oracle | =5.5 | |
| SUSE Manager | =1.7 | |
| SUSE Linux Enterprise Server | =11.0-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2013-1513.html
- https://rhn.redhat.com/errata/RHSA-2013-1514.html
- https://access.redhat.com/site/articles/539283
- https://access.redhat.com/site/solutions/539313
- https://bugzilla.redhat.com/show_bug.cgi?id=1024614
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html
- http://rhn.redhat.com/errata/RHSA-2013-1513.html
- http://rhn.redhat.com/errata/RHSA-2013-1514.html
Frequently Asked Questions
What is the severity of CVE-2013-4480?
CVE-2013-4480 is considered a critical vulnerability due to its ability to allow remote attackers to create administrator accounts.
How do I fix CVE-2013-4480?
To fix CVE-2013-4480, ensure that the web interface for creating the initial administrator user is disabled after the initial setup.
Which versions of Red Hat Satellite are affected by CVE-2013-4480?
CVE-2013-4480 affects Red Hat Satellite versions up to 5.6, including the versions with Embedded Oracle from 5.2 to 5.5.
Is there a workaround for CVE-2013-4480?
A workaround for CVE-2013-4480 involves restricting access to the web interface by limiting network access or using firewall rules.
Can CVE-2013-4480 be exploited remotely?
Yes, CVE-2013-4480 can be exploited remotely, allowing attackers to create unauthorized administrator accounts.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-4480
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat satellite
- version/red hat satellite/5.6
- canonical/redhat satellite
- version/redhat satellite/5.6
- canonical/red hat satellite with embedded oracle
- version/red hat satellite with embedded oracle/5.2
- version/red hat satellite with embedded oracle/5.3
- version/red hat satellite with embedded oracle/5.4
- version/red hat satellite with embedded oracle/5.5
- vendor/suse
- canonical/suse manager
- version/suse manager/1.7
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11.0-sp2