Описание
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
It was found that subscription-manager set weak permissions on files in /var/lib/rhsm/, causing an information disclosure. A local, unprivileged user could use this flaw to access sensitive data that could potentially be used in a social engineering attack.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | subscription-manager | Will not fix | ||
| Red Hat Enterprise Linux 6 | python-rhsm | Fixed | RHSA-2017:0698 | 21.03.2017 |
| Red Hat Enterprise Linux 6 | subscription-manager | Fixed | RHSA-2017:0698 | 21.03.2017 |
| Red Hat Enterprise Linux 6 | subscription-manager-migration-data | Fixed | RHSA-2017:0698 | 21.03.2017 |
| Red Hat Enterprise Linux 7 | python-rhsm | Fixed | RHSA-2016:2592 | 03.11.2016 |
| Red Hat Enterprise Linux 7 | subscription-manager | Fixed | RHSA-2016:2592 | 03.11.2016 |
| Red Hat Enterprise Linux 7 | subscription-manager-migration-data | Fixed | RHSA-2016:2592 | 03.11.2016 |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS3
1.7 Low
CVSS2
Связанные уязвимости
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
3.3 Low
CVSS3
1.7 Low
CVSS2