Unrated severity · NVD Advisory · Published Jul 27, 2018 · Updated Aug 5, 2024
CVE-2017-7470
Description
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.
Affected products
37 versions (osv-coords), no CPE:
- pkg:rpm/suse/cobbler, distro SUSE Manager Client Tools 12, range: < 2.6.6-45.1
- pkg:rpm/suse/rhnlib, distro SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS, range: < 2.5.84.4-8.1
- pkg:rpm/suse/rhnlib, distro SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS, range: < 2.5.84.4-8.1
- pkg:rpm/suse/rhnlib, distro SUSE Manager Client Tools 12, range: < 2.5.84.4-17.1
- pkg:rpm/suse/rhnlib, distro SUSE Manager Proxy 3.0, range: < 2.5.84.4-6.1
- pkg:rpm/suse/rhnlib, distro SUSE Manager Server 3.0, range: < 2.5.84.4-6.1
- pkg:rpm/suse/salt-netapi-client, distro SUSE Manager Server 3.0, range: < 0.11.1-12.1
- pkg:rpm/suse/spacecmd, distro SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS, range: < 2.5.5.5-14.1
- pkg:rpm/suse/spacecmd, distro SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS, range: < 2.5.5.5-14.1
- pkg:rpm/suse/spacecmd, distro SUSE Manager Client Tools 12, range: < 2.5.5.5-34.1
- pkg:rpm/suse/spacecmd, distro SUSE Manager Server 3.0, range: < 2.5.5.5-12.1
- pkg:rpm/suse/spacewalk-backend, distro SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS, range: < 2.5.24.9-24.1
- pkg:rpm/suse/spacewalk-backend, distro SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS, range: < 2.5.24.9-24.1
- pkg:rpm/suse/spacewalk-backend, distro SUSE Manager Client Tools 12, range: < 2.5.24.9-51.1
- pkg:rpm/suse/spacewalk-backend, distro SUSE Manager Proxy 3.0, range: < 2.5.24.9-22.1
- pkg:rpm/suse/spacewalk-backend, distro SUSE Manager Server 3.0, range: < 2.5.24.9-22.1
- pkg:rpm/suse/spacewalk-certs-tools, distro SUSE Manager Proxy 3.0, range: < 2.5.1.8-17.1
- pkg:rpm/suse/spacewalk-certs-tools, distro SUSE Manager Server 3.0, range: < 2.5.1.8-17.1
- pkg:rpm/suse/spacewalk-client-tools, distro SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS, range: < 2.5.13.8-23.1
- pkg:rpm/suse/spacewalk-client-tools, distro SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS, range: < 2.5.13.8-23.1
- pkg:rpm/suse/spacewalk-client-tools, distro SUSE Manager Client Tools 12, range: < 2.5.13.8-48.1
- pkg:rpm/suse/spacewalk-client-tools, distro SUSE Manager Proxy 3.0, range: < 2.5.13.8-17.2
- pkg:rpm/suse/spacewalk-client-tools, distro SUSE Manager Server 3.0, range: < 2.5.13.8-17.2
- pkg:rpm/suse/spacewalk-java, distro SUSE Manager Server 3.0, range: < 2.5.59.14-23.2
- pkg:rpm/suse/spacewalk-proxy, distro SUSE Manager Proxy 3.0, range: < 2.5.1.7-15.1
- pkg:rpm/suse/spacewalk-proxy-installer, distro SUSE Manager Proxy 3.0, range: < 2.5.2.5-6.1
- pkg:rpm/suse/spacewalk-reports, distro SUSE Manager Server 3.0, range: < 2.5.1.2-3.1
- pkg:rpm/suse/spacewalk-setup, distro SUSE Manager Server 3.0, range: < 2.5.3.12-15.1
- pkg:rpm/suse/spacewalk-web, distro SUSE Manager Proxy 3.0, range: < 2.5.7.15-21.1
- pkg:rpm/suse/spacewalk-web, distro SUSE Manager Server 3.0, range: < 2.5.7.15-21.1
- pkg:rpm/suse/subscription-matcher, distro SUSE Manager Server 3.0, range: < 0.18-5.1
- pkg:rpm/suse/susemanager, distro SUSE Manager Server 3.0, range: < 3.0.21-21.1
- pkg:rpm/suse/susemanager-schema, distro SUSE Manager Server 3.0, range: < 3.0.19-21.2
- pkg:rpm/suse/susemanager-sls, distro SUSE Manager Proxy 3.0, range: < 0.1.20-23.1
- pkg:rpm/suse/susemanager-sls, distro SUSE Manager Server 3.0, range: < 0.1.20-23.1
- pkg:rpm/suse/susemanager-sync-data, distro SUSE Manager Server 3.0, range: < 3.0.16-24.1
- pkg:rpm/suse/virtual-host-gatherer, distro SUSE Manager Server 3.0, range: < 1.0.13-6.1
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2017:1259 (mitre, vendor-advisory, x_refsource_REDHAT)
- www.securityfocus.com/bid/98569 (mitre, vdb-entry, x_refsource_BID)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)