Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0449

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67419

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2010:0449

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2010:0449.

Red Hat Network Client Tools provide programs and libraries that allow your
system to receive software updates from the Red Hat Network (RHN).

It was discovered that rhn-client-tools set insecure permissions on the
loginAuth.pkl file, used to store session credentials for authenticating
connections to Red Hat Network servers. A local, unprivileged user could
use these credentials to download packages from the Red Hat Network. They
could also manipulate package or action lists associated with the system's
profile. (CVE-2010-1439)

Users of rhn-client-tools are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0449.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
3.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1439
1024049
http://securitytracker.com/id?1024049
39996
http://secunia.com/advisories/39996
40492
http://www.securityfocus.com/bid/40492
65063
http://www.osvdb.org/65063
ADV-2010-1311
http://www.vupen.com/english/advisories/2010/1311
RHSA-2010:0449
http://www.redhat.com/support/errata/RHSA-2010-0449.html
https://bugzilla.redhat.com/show_bug.cgi?id=585386
oval:org.mitre.oval:def:9232
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9232
redhat-clienttools-loginauth-security-bypass(59114)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59114

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67419
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0449
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0449. Red Hat Network Client Tools provide programs and libraries that allow your system to receive software updates from the Red Hat Network (RHN). It was discovered that rhn-client-tools set insecure permissions on the loginAuth.pkl file, used to store session credentials for authenticating connections to Red Hat Network servers. A local, unprivileged user could use these credentials to download packages from the Red Hat Network. They could also manipulate package or action lists associated with the system's profile. (CVE-2010-1439) Users of rhn-client-tools are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0449.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 3.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1439 1024049 http://securitytracker.com/id?1024049 39996 http://secunia.com/advisories/39996 40492 http://www.securityfocus.com/bid/40492 65063 http://www.osvdb.org/65063 ADV-2010-1311 http://www.vupen.com/english/advisories/2010/1311 RHSA-2010:0449 http://www.redhat.com/support/errata/RHSA-2010-0449.html https://bugzilla.redhat.com/show_bug.cgi?id=585386 oval:org.mitre.oval:def:9232 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9232 redhat-clienttools-loginauth-security-bypass(59114) https://exchange.xforce.ibmcloud.com/vulnerabilities/59114
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com