The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2013-2056 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 5 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Satellite 5.4 (RHEL v.6) (spacewalk-backend) | RHSA-2013:0848 | 2013-05-21 |
| Red Hat Satellite 5.4 (RHEL v.5) (spacewalk-backend) | RHSA-2013:0848 | 2013-05-21 |
| Red Hat Satellite 5.5 (RHEL v.5) (spacewalk-backend) | RHSA-2013:0848 | 2013-05-21 |
| Red Hat Satellite 5.5 (RHEL v.6) (spacewalk-backend) | RHSA-2013:0848 | 2013-05-21 |
| Red Hat Satellite 5.3 (RHEL v.5) (spacewalk-backend) | RHSA-2013:0848 | 2013-05-21 |
| Platform | Package | State |
|---|---|---|
| Red Hat Satellite 5.5 | Server | Will not fix |
| Red Hat Satellite 5.4 | Server | Will not fix |
| Red Hat Satellite 5.3 | Server | Will not fix |
| Red Hat Satellite 5.2 | Server | Not affected |
Vulmon