Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.871688
Categoría:Red Hat Local Security Checks
Título:RedHat Update for subscription-manager RHSA-2016:2592-02
Resumen:The remote host is missing an update for the 'subscription-manager'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'subscription-manager'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The subscription-manager packages provide
programs and libraries to allow users to manage subscriptions and yum repositories
from the Red Hat entitlement platform.

The subscription-manager-migration-data package provides certificates for
migrating a system from the legacy Red Hat Network Classic (RHN) to Red Hat
Subscription Management (RHSM).

The python-rhsm packages provide a library for communicating with the
representational state transfer (REST) interface of a Red Hat Unified
Entitlement Platform. The Subscription Management tools use this interface
to manage system entitlements, certificates, and access to content.

The following packages have been upgraded to a newer upstream version:
subscription-manager (1.17.15), python-rhsm (1.17.9),
subscription-manager-migration-data (2.0.31). (BZ#1328553, BZ#1328555,
BZ#1328559)

Security Fix(es):

* It was found that subscription-manager set weak permissions on files in
/var/lib/rhsm/, causing an information disclosure. A local, unprivileged
user could use this flaw to access sensitive data that could potentially be
used in a social engineering attack. (CVE-2016-4455)

Red Hat would like to thank Robert Scheck for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.

Affected Software/OS:
subscription-manager on
Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-4455
BugTraq ID: 93926
http://www.securityfocus.com/bid/93926
http://www.openwall.com/lists/oss-security/2016/10/26/5
RedHat Security Advisories: RHSA-2016:2592
http://rhn.redhat.com/errata/RHSA-2016-2592.html
RedHat Security Advisories: RHSA-2017:0698
http://rhn.redhat.com/errata/RHSA-2017-0698.html
http://www.securitytracker.com/id/1038083
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.