Bugzilla – Bug 848639
VUL-0: CVE-2013-4480: spacewalk: admin user dialog problem
Last modified: 2013-11-13 16:41:24 UTC
bugbot adjusting priority
The SWAMPID for this issue is 54909. This issue was rated as critical. Please submit fixed packages until 2013-11-05. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Kurt wrote the final CRD: Tuesday Nov 12th, 2013, 11am EST.
This update fixes an admin user dialog problem in spacewalk. The "add new admin user" functionality didn't get disabled after it was used. So after install/adding, a remote attacker could use this flaw to create an administrator user with credentials they specify. This user could then be used to assume control of the Satellite server.

Security Issue reference:
- [CVE-2013-4480](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4480)
Update released for: spacewalk-java, spacewalk-java-config, spacewalk-java-lib, spacewalk-java-oracle, spacewalk-java-postgresql, spacewalk-java-tests, spacewalk-taskomatic
Products: SUSE-MANAGER 1.7 (x86_64)