Scientific Linux Security Update : rhn-client-tools on SL5.x i386/x86_64
Low Nessus Plugin ID 60797
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionIt was discovered that rhn-client-tools set insecure permissions on the loginAuth.pkl file, used to store session credentials for authenticating connections to servers. A local, unprivileged user could use these credentials to download packages they wouldn't normally have permission to download. They could also manipulate package or action lists associated with the system's profile.
Note: This package pulled in several other packages as dependencies in order to fix all bugs and security holes.
SolutionUpdate the affected packages.