CVE-2010-1439
First published: Fri Apr 23 2010(Updated: )
It was found that the yum-rhn-plugin caches sensitive authentication information in the world-readable /var/spool/up2date/loginAuth.pkl file. This information could be used to download packages from Red Hat Network (Hosted or Satellite) or otherwise manipulate the package list associated with the system's profile, which could possibly prevent new errata from being installed.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat RHN Client Tools | ||
| Red Hat YUM RHN Plugin | ||
| Fedora | ||
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =5-ga | |
| Red Hat Enterprise Linux | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=585386
- http://www.redhat.com/support/errata/RHSA-2010-0449.html
- http://www.vupen.com/english/advisories/2010/1311
- http://securitytracker.com/id?1024049
- http://secunia.com/advisories/39996
- http://www.securityfocus.com/bid/40492
- http://www.osvdb.org/65063
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59114
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9232
- https://rhn.redhat.com/errata/RHSA-2010-0449.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=598642
Frequently Asked Questions
What is the severity of CVE-2010-1439?
CVE-2010-1439 has a medium severity level due to the exposure of sensitive authentication information.
How do I fix CVE-2010-1439?
To fix CVE-2010-1439, you should ensure that the /var/spool/up2date/loginAuth.pkl file has proper permissions and restrict access to it.
What software is affected by CVE-2010-1439?
CVE-2010-1439 affects the Red Hat Yum-rhn-plugin.
What are the potential risks of CVE-2010-1439?
The potential risks of CVE-2010-1439 include unauthorized downloading of packages and manipulation of the package list.
Is CVE-2010-1439 still a concern for my system?
If you are using an affected version of the yum-rhn-plugin without the necessary security measures, CVE-2010-1439 could still be a concern.
- collector/nvd-historical
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-1439
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat rhn client tools
- canonical/red hat yum rhn plugin
- vendor/fedoraproject
- canonical/fedora
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5
- version/red hat enterprise linux/5-ga
- version/red hat enterprise linux/5.0