RHEL 5 : rhn-client-tools (RHSA-2010:0449)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated rhn-client-tools packages that fix one security issue are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Red Hat Network Client Tools provide programs and libraries that allow
your system to receive software updates from the Red Hat Network
(RHN).

It was discovered that rhn-client-tools set insecure permissions on
the loginAuth.pkl file, used to store session credentials for
authenticating connections to Red Hat Network servers. A local,
unprivileged user could use these credentials to download packages
from the Red Hat Network. They could also manipulate package or action
lists associated with the system's profile. (CVE-2010-1439)

Users of rhn-client-tools are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2010-1439.html
http://rhn.redhat.com/errata/RHSA-2010-0449.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 46780 ()

Bugtraq ID:

CVE ID: CVE-2010-1439