RHEL 5 / 6 : spacewalk-backend (RHSA-2012:0102)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated spacewalk-backend packages that fix one security issue are now
available for Red Hat Network Proxy 5.4.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Red Hat Network (RHN) Proxy provides a mechanism for caching content,
such as package updates from Red Hat or custom content created for an
organization on an internal, centrally-located server.

If a user submitted a system registration XML-RPC call to an RHN Proxy
server (for example, by running 'rhnreg_ks') and that call failed,
their RHN user password was included in plain text in the error
messages both stored in the server log and mailed to the server
administrator. With this update, user passwords are excluded from
these error messages to avoid the exposure of authentication
credentials. (CVE-2012-0059)
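
The class of fix described above, as an added example in Python (this is not Red Hat's patch and not code from spacewalk-backend): a failed XML-RPC call is reported for logging or mail only after credential-like struct members are masked. The method name, field names, key list and sample request are constructed assumptions.

```python
import xmlrpc.client

# Assumed set of struct keys that carry credentials (not taken from the product).
SENSITIVE_KEYS = {"password", "passwd", "pass", "token", "secret"}
MASK = "<redacted>"


def scrub(value):
    """Recursively mask values stored under credential-like keys."""
    if isinstance(value, dict):
        return {k: MASK if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    return value


def failure_report(raw_request, error):
    """Build the text that is safe to log and mail for a failed call."""
    try:
        params, method = xmlrpc.client.loads(raw_request)
    except Exception:
        # Unparseable body: never echo it, it may still contain credentials.
        return "XML-RPC call failed: %s (request body withheld)" % error
    return "XML-RPC call %s failed: %s; params=%r" % (
        method, error, scrub(params))


# Constructed sample request; the method name is hypothetical.
SAMPLE = xmlrpc.client.dumps(
    ({"username": "alice", "password": "S3cr3t!", "profile_name": "host01"},),
    methodname="example.register_system",
)

if __name__ == "__main__":
    print(failure_report(SAMPLE, "registration rejected"))
```

Key-based masking does not cover credentials passed as positional arguments; for such calls, report only the method name and the error.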

Users of Red Hat Network Proxy are advised to upgrade to these updated
packages, which correct this issue. For this update to take effect,
Red Hat Network Proxy must be restarted. Refer to the Solution section
for details.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-0059.html
http://rhn.redhat.com/errata/RHSA-2012-0102.html

Solution :

Update the affected spacewalk-backend and / or spacewalk-backend-libs
packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 64025

Bugtraq ID: 51569

CVE ID: CVE-2012-0059