Red Hat Network Client Tools provide programs and libraries that allow your
system to receive software updates from the Red Hat Network (RHN).
It was discovered that rhn-client-tools set insecure permissions on the
loginAuth.pkl file, used to store session credentials for authenticating
connections to Red Hat Network servers. A local, unprivileged user could
use these credentials to download packages from the Red Hat Network. They
could also manipulate package or action lists associated with the system’s
profile. (CVE-2010-1439)
Users of rhn-client-tools are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | noarch | rhn-check | < 0.4.20-33.el5_5.2 | rhn-check-0.4.20-33.el5_5.2.noarch.rpm |
RedHat | 5 | noarch | rhn-setup | < 0.4.20-33.el5_5.2 | rhn-setup-0.4.20-33.el5_5.2.noarch.rpm |
RedHat | 5 | src | rhn-client-tools | < 0.4.20-33.el5_5.2 | rhn-client-tools-0.4.20-33.el5_5.2.src.rpm |
RedHat | 5 | noarch | rhn-client-tools | < 0.4.20-33.el5_5.2 | rhn-client-tools-0.4.20-33.el5_5.2.noarch.rpm |
RedHat | 5 | noarch | rhn-setup-gnome | < 0.4.20-33.el5_5.2 | rhn-setup-gnome-0.4.20-33.el5_5.2.noarch.rpm |