Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871785
Category:Red Hat Local Security Checks
Title:RedHat Update for subscription-manager RHSA-2017:0698-01
Summary:The remote host is missing an update for the 'subscription-manager'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'subscription-manager'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The subscription-manager packages provide
programs and libraries to allow users to manage subscriptions and yum repositories
from the Red Hat entitlement platform.

The subscription-manager-migration-data package provides certificates for
migrating a system from the legacy Red Hat Network Classic (RHN) to Red Hat
Subscription Management (RHSM).

The python-rhsm packages provide a library for communicating with the
representational state transfer (REST) interface of a Red Hat Unified
Entitlement Platform. The Subscription Management tools use this interface
to manage system entitlements, certificates, and access to content.

The following packages have been upgraded to a later upstream version:
subscription-manager (1.18.10), python-rhsm (1.18.6),
subscription-manager-migration-data (2.0.34). (BZ#1383475, BZ#1385446,
BZ#1385382)

Security Fix(es):

* It was found that subscription-manager set weak permissions on files in
/var/lib/rhsm/, causing an information disclosure. A local, unprivileged
user could use this flaw to access sensitive data that could potentially be
used in a social engineering attack. (CVE-2016-4455)

Red Hat would like to thank Robert Scheck for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9
Technical Notes linked from the References section.

Affected Software/OS:
subscription-manager on
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-4455
BugTraq ID: 93926
http://www.securityfocus.com/bid/93926
http://www.openwall.com/lists/oss-security/2016/10/26/5
RedHat Security Advisories: RHSA-2016:2592
http://rhn.redhat.com/errata/RHSA-2016-2592.html
RedHat Security Advisories: RHSA-2017:0698
http://rhn.redhat.com/errata/RHSA-2017-0698.html
http://www.securitytracker.com/id/1038083
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.