Vulnerability Description
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Rhn-Client-Tools | All versions |
| Redhat | Yum-Rhn-Plugin | All versions |
| Fedoraproject | Fedora | All versions |
| Redhat | Enterprise Linux | 5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/39996Vendor Advisory
- http://securitytracker.com/id?1024049
- http://www.osvdb.org/65063
- http://www.redhat.com/support/errata/RHSA-2010-0449.html
- http://www.securityfocus.com/bid/40492
- http://www.vupen.com/english/advisories/2010/1311Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=585386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59114
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/39996Vendor Advisory
- http://securitytracker.com/id?1024049
- http://www.osvdb.org/65063
- http://www.redhat.com/support/errata/RHSA-2010-0449.html
- http://www.securityfocus.com/bid/40492
- http://www.vupen.com/english/advisories/2010/1311Vendor Advisory
FAQ
What is CVE-2010-1439?
CVE-2010-1439 is a vulnerability with a CVSS score of 3.6 (LOW). yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, whi...
How severe is CVE-2010-1439?
CVE-2010-1439 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1439?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Rhn-Client-Tools, Redhat Yum-Rhn-Plugin, Fedoraproject Fedora, Redhat Enterprise Linux.