Design/Logic Flaw

2010-08-1720:00:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts.

CPENameOperatorVersion
directory_servereq8.1
directory_servereq8.0

CPE	Name	Operator	Version
	directory_server	eq	8.1
	directory_server	eq	8.0

References

rhn.redhat.com/errata/RHSA-2010-0590.html

secunia.com/advisories/40811

www.osvdb.org/66962

www.securitytracker.com/id?1024281

bugzilla.redhat.com/show_bug.cgi?id=608032