CVE-2010-1439

EUVD-2010-1467
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
redhatyum-rhn-plugin
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/39996
http://securitytracker.com/id?1024049
http://www.osvdb.org/65063
http://www.redhat.com/support/errata/RHSA-2010-0449.html
http://www.securityfocus.com/bid/40492
http://www.vupen.com/english/advisories/2010/1311
https://bugzilla.redhat.com/show_bug.cgi?id=585386
https://exchange.xforce.ibmcloud.com/vulnerabilities/59114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9232
http://secunia.com/advisories/39996
http://securitytracker.com/id?1024049
http://www.osvdb.org/65063
http://www.redhat.com/support/errata/RHSA-2010-0449.html
http://www.securityfocus.com/bid/40492
http://www.vupen.com/english/advisories/2010/1311
https://bugzilla.redhat.com/show_bug.cgi?id=585386
https://exchange.xforce.ibmcloud.com/vulnerabilities/59114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9232