CVE-2010-1439

Executive Summary

Informations
Name	CVE-2010-1439	First vendor Publication	2010-06-07
Vendor	Cve	Last vendor Modification	2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score	3.6	Attack Range	Local
Cvss Impact Score	4.9	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1439

CWE : Common Weakness Enumeration

id	Name
CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9232

Oval ID:	oval:org.mitre.oval:def:9232
Title:	yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.
Description:	yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2010-1439	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section rhn-check is earlier than 0:0.4.20-33.el5_5.2 AND rhn-setup is earlier than 0:0.4.20-33.el5_5.2 AND rhn-client-tools is earlier than 0:0.4.20-33.el5_5.2 AND rhn-setup-gnome is earlier than 0:0.4.20-33.el5_5.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Redhat Yum-Rhn-Plugin cpe:/a:redhat:yum-rhn-plugin	1

Open Source Vulnerability Database (OSVDB)

id	Description
65063	Red Hat rhn-client-tools /var/spool/up2date/loginAuth.pkl Insecure File Permi...

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/40492
CONFIRM	https://bugzilla.redhat.com/show_bug.cgi?id=585386
OSVDB	http://www.osvdb.org/65063
REDHAT	http://www.redhat.com/support/errata/RHSA-2010-0449.html
SECTRACK	http://securitytracker.com/id?1024049
SECUNIA	http://secunia.com/advisories/39996
VUPEN	http://www.vupen.com/english/advisories/2010/1311
XF	http://xforce.iss.net/xforce/xfdb/59114

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:23:01	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	1
osvdb(s)	1

Related	Severity
RHSA-2010:0449	(Low)

CVE-2010-1439

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU