First published: Fri May 25 2012(Updated: )
It was discovered that Red Hat Network Configuration Client set insecure (0644) permissions on the /var/log/rhncfg-actions file used to store (besides terminal) the output of different RHN Client actions (diff, verify etc.). A local attacker could use this flaw to obtain sensitive information, if the rhncfg-client diff action has been used to query differences between the (normally for unprivileged user not readable) config files stored by RHN and those, deployed on the system.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Rhncfg | <=5.10.27 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.