(RHSA-2010:0449) Moderate: rhn-client-tools security update

2010-06-0100:00:00

access.redhat.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

Red Hat Network Client Tools provide programs and libraries that allow your
system to receive software updates from the Red Hat Network (RHN).

It was discovered that rhn-client-tools set insecure permissions on the
loginAuth.pkl file, used to store session credentials for authenticating
connections to Red Hat Network servers. A local, unprivileged user could
use these credentials to download packages from the Red Hat Network. They
could also manipulate package or action lists associated with the system’s
profile. (CVE-2010-1439)

Users of rhn-client-tools are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat5noarchrhn-check< 0.4.20-33.el5_5.2rhn-check-0.4.20-33.el5_5.2.noarch.rpm
RedHat5noarchrhn-setup< 0.4.20-33.el5_5.2rhn-setup-0.4.20-33.el5_5.2.noarch.rpm
RedHat5srcrhn-client-tools< 0.4.20-33.el5_5.2rhn-client-tools-0.4.20-33.el5_5.2.src.rpm
RedHat5noarchrhn-client-tools< 0.4.20-33.el5_5.2rhn-client-tools-0.4.20-33.el5_5.2.noarch.rpm
RedHat5noarchrhn-setup-gnome< 0.4.20-33.el5_5.2rhn-setup-gnome-0.4.20-33.el5_5.2.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	noarch	rhn-check	< 0.4.20-33.el5_5.2	rhn-check-0.4.20-33.el5_5.2.noarch.rpm
RedHat	5	noarch	rhn-setup	< 0.4.20-33.el5_5.2	rhn-setup-0.4.20-33.el5_5.2.noarch.rpm
RedHat	5	src	rhn-client-tools	< 0.4.20-33.el5_5.2	rhn-client-tools-0.4.20-33.el5_5.2.src.rpm
RedHat	5	noarch	rhn-client-tools	< 0.4.20-33.el5_5.2	rhn-client-tools-0.4.20-33.el5_5.2.noarch.rpm
RedHat	5	noarch	rhn-setup-gnome	< 0.4.20-33.el5_5.2	rhn-setup-gnome-0.4.20-33.el5_5.2.noarch.rpm

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for RHSA-2010:0449