Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Satellite | Redhat | 5.3 (including) | 5.3 (including) |
Satellite | Redhat | 5.4 (including) | 5.4 (including) |