NVD Vulnerability Detail

CVE-2010-1439

Summary	yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.
Publication Date	June 8, 2010, 2:12 a.m.
Registration Date	Jan. 29, 2021, 10:59 a.m.
Last Update	Sept. 19, 2017, 10:30 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:redhat:yum-rhn-plugin::::::::
execution environment
1	cpe:2.3:o:fedoraproject:fedora::::::::
2	cpe:2.3:o:redhat:enterprise_linux:5:::::::*
3	cpe:2.3:o:redhat:enterprise_linux:5:ga:server:::::*
4	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/39996	SECUNIA	Vendor Advisory
2	http://securitytracker.com/id?1024049	SECTRACK
3	http://www.osvdb.org/65063	OSVDB
4	http://www.redhat.com/support/errata/RHSA-2010-0449.html	REDHAT
5	http://www.securityfocus.com/bid/40492	BID
6	http://www.vupen.com/english/advisories/2010/1311	VUPEN	Vendor Advisory
7	https://bugzilla.redhat.com/show_bug.cgi?id=585386	CONFIRM
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/59114	XF
9	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9232	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

RHEL の yum-rhn-plugin における Red Hat Network プロファイルを閲覧される脆弱性

Title	RHEL の yum-rhn-plugin における Red Hat Network プロファイルを閲覧される脆弱性
Summary	Red Hat Enterprise Linux (RHEL) の Red Hat Network Client Tools 内の yum-rhn-plugin には、/var/spool/up2date/loginAuth.pkl ファイルに world-readable パーミッション (誰でも読み取り可能な権限) を付与する不備があるため、Red Hat Network プロファイルを閲覧される脆弱性が存在します
Possible impacts	ローカルユーザにより、Red Hat Network プロファイルを閲覧される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 1, 2010, midnight
Registration Date	June 15, 2010, 6:25 p.m.
Last Update	June 15, 2010, 6:25 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-1439	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1439
National Vulnerability Database (NVD)
2	CVE-2010-1439	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1439

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Red Hat Security Advisory
1	RHSA-2010:0449	https://rhn.redhat.com/errata/RHSA-2010-0449.html

その他

No	Name	URL
ISS X-Force Database
1	59114	http://xforce.iss.net/xforce/xfdb/59114
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
2	65063	http://osvdb.org/65063
Secunia Advisory
3	SA39996	http://secunia.com/advisories/39996
SecurityFocus
4	40492	http://www.securityfocus.com/bid/40492
SecurityTracker
5	1024049	http://securitytracker.com/id?1024049
VUPEN Security
6	VUPEN/ADV-2010-1311	http://www.vupen.com/english/advisories/2010/1311

Change Log

No	Changed Details	Date of change
0	[2010年06月15日] 掲載	Feb. 17, 2018, 10:37 a.m.