Lucene search

[email protected]CVE-2010-1439

HistoryJun 07, 2010 - 5:12 p.m.

CVE-2010-1439

2010-06-0717:12:48

CWE-264

[email protected]

web.nvd.nist.gov

cve-2010-1439

red hat network client tools

rhn-client-tools

rhel 5

fedora

file permissions

security vulnerability

nvd

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.

Affected configurations

NVD

Node

redhatrhn-client-tools

redhatyum-rhn-plugin

AND

fedoraprojectfedora

redhatenterprise_linuxMatch5

redhatenterprise_linuxMatch5gaserver

redhatenterprise_linuxMatch5.0

CPENameOperatorVersion
redhat:yum-rhn-pluginredhat yum-rhn-plugineq*

CPE	Name	Operator	Version
redhat:yum-rhn-plugin	redhat yum-rhn-plugin	eq	*

References

secunia.com/advisories/39996

securitytracker.com/id?1024049

www.osvdb.org/65063

www.redhat.com/support/errata/RHSA-2010-0449.html

www.securityfocus.com/bid/40492

www.vupen.com/english/advisories/2010/1311

bugzilla.redhat.com/show_bug.cgi?id=585386

exchange.xforce.ibmcloud.com/vulnerabilities/59114

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9232

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-1439

nessus2 openvas2 cvelist1 prion1 redhat1 veracode1 nvd1