spacewalk-config is vulnerable to authorization bypass. The vulnerability exists as RHN Satellite incorrectly exposed an obsolete XML-RPC API for configuring package group (comps.xml) files for channels. An authenticated user could use this flaw to gain access to arbitrary files accessible to the RHN Satellite server process, and prevent clients from performing certain yum operations.
secunia.com/advisories/44150
www.redhat.com/support/errata/RHSA-2011-0434.html
www.securityfocus.com/bid/47316
www.securitytracker.com/id?1025316
www.vupen.com/english/advisories/2011/0967
access.redhat.com/errata/RHSA-2011:0434
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=584118
exchange.xforce.ibmcloud.com/vulnerabilities/66690