This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2010-06-07
Product Yum-Rhn-Plugin Last view 2010-06-07
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:redhat:yum-rhn-plugin:*:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
3.6 2010-06-07 CVE-2010-1439

yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-264 Permissions, Privileges, and Access Controls

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:9232 yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red ...
oval:org.mitre.oval:def:21382 RHSA-2010:0449: rhn-client-tools security update (Moderate)
oval:org.mitre.oval:def:23151 ELSA-2010:0449: rhn-client-tools security update (Moderate)

Open Source Vulnerability Database (OSVDB)

id Description
65063 Red Hat rhn-client-tools /var/spool/up2date/loginAuth.pkl Insecure File Permi...

OpenVAS Exploits

id Description
2010-06-07 Name : RedHat Update for rhn-client-tools RHSA-2010:0449-01
File : nvt/gb_RHSA-2010_0449-01_rhn-client-tools.nasl

Nessus® Vulnerability Scanner

id Description
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20100601_rhn_client_tools_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2010-06-02 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2010-0449.nasl - Type: ACT_GATHER_INFO