Privilege Escalation

2020-04-1000:33:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

47.2%

JSON

yum-rhn-plugin is vulnerable to privilege escalation. The vulnerability exists as it was discovered that yum-rhn-plugin did not verify the SSL certificate for all communication with a Red Hat Network server. An attacker able to redirect the network communication between a victim and an RHN server could use this flaw to provide malicious repository metadata. This metadata could be used to block the victim from receiving specific security updates.

CPENameOperatorVersion
yum-rhn-plugineq0.5.2__3.el5
yum-rhn-plugineq0.5.3__6.el5_2.6
yum-rhn-plugineq0.5.3__6.el5
yum-rhn-plugineq0.4.3__1.el5
yum-rhn-plugineq0.5.2__5.el5_1.2
yum-rhn-plugineq0.4.3__2.el5
yum-rhn-plugineq0.5.2__3.el5
yum-rhn-plugineq0.5.3__6.el5_2.6
yum-rhn-plugineq0.5.3__6.el5
yum-rhn-plugineq0.4.3__1.el5

Name	Operator	Version
yum-rhn-plugin	eq	0.5.2__3.el5
yum-rhn-plugin	eq	0.5.3__6.el5_2.6
yum-rhn-plugin	eq	0.5.3__6.el5
yum-rhn-plugin	eq	0.4.3__1.el5
yum-rhn-plugin	eq	0.5.2__5.el5_1.2
yum-rhn-plugin	eq	0.4.3__2.el5
yum-rhn-plugin	eq	0.5.2__3.el5
yum-rhn-plugin	eq	0.5.3__6.el5_2.6
yum-rhn-plugin	eq	0.5.3__6.el5
yum-rhn-plugin	eq	0.4.3__1.el5