CVE-2013-4480
First published: Wed Oct 30 2013(Updated: )
It was found that the web interface provided by Red Hat Satellite to create the initial administrator user was not disabled after the initial user was created. A remote attacker could use this flaw to create an administrator user with credentials they specify. This user could then be used to assume control of the Satellite server.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Network Satellite | <=5.6 | |
| Redhat Satellite | <=5.6 | |
| Redhat Satellite With Embedded Oracle | =5.2 | |
| Redhat Satellite With Embedded Oracle | =5.3 | |
| Redhat Satellite With Embedded Oracle | =5.4 | |
| Redhat Satellite With Embedded Oracle | =5.5 | |
| SUSE Manager | =1.7 | |
| SUSE Linux Enterprise | =11.0-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2013-1513.html
- https://rhn.redhat.com/errata/RHSA-2013-1514.html
- https://access.redhat.com/site/articles/539283
- https://access.redhat.com/site/solutions/539313
- https://bugzilla.redhat.com/show_bug.cgi?id=1024614
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html
- http://rhn.redhat.com/errata/RHSA-2013-1513.html
- http://rhn.redhat.com/errata/RHSA-2013-1514.html
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/description
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-4480
- vendor/redhat
- canonical/redhat network satellite
- version/redhat network satellite/5.6
- canonical/redhat satellite
- version/redhat satellite/5.6
- canonical/redhat satellite with embedded oracle
- version/redhat satellite with embedded oracle/5.2
- version/redhat satellite with embedded oracle/5.3
- version/redhat satellite with embedded oracle/5.4
- version/redhat satellite with embedded oracle/5.5
- vendor/suse
- canonical/suse manager
- version/suse manager/1.7
- canonical/suse linux enterprise
- version/suse linux enterprise/11.0-sp2