PT-2011-1364 · Red Hat · Red Hat Network Satellite

Vincent Danen · Published 2011-04-18 · Updated 2022-02-19 · CVE-2010-1171

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Red Hat Network (RHN) Satellite versions 5.3 through 5.4

Description

The issue allows remote authenticated users to access arbitrary files and cause a denial of service, specifically failed yum operations, via vectors related to configuration and package group (comps.xml) files for channels. This is due to the exposure of a dangerous, obsolete XML-RPC API.

Recommendations

For versions 5.3 and 5.4, consider disabling the obsolete XML-RPC API as a temporary workaround until a patch is available. Restrict access to configuration and package group files, such as comps.xml, to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

CVE-2010-1171
RHSA-2011:0434

Affected Products

Red Hat Network Satellite