RHEL 5 : rhn-client-tools (RHSA-2010:0449)

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated rhn-client-tools packages that fix one security issue are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Red Hat Network Client Tools provide programs and libraries that allow
your system to receive software updates from the Red Hat Network

It was discovered that rhn-client-tools set insecure permissions on
the loginAuth.pkl file, used to store session credentials for
authenticating connections to Red Hat Network servers. A local,
unprivileged user could use these credentials to download packages
from the Red Hat Network. They could also manipulate package or action
lists associated with the system's profile. (CVE-2010-1439)

Users of rhn-client-tools are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

See also :


Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.6

Family: Red Hat Local Security Checks

Nessus Plugin ID: 46780 ()

Bugtraq ID:

CVE ID: CVE-2010-1439

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now