oss-sec mailing list archives

CVE-2016-4455: subscription-manager: incorrect permissions in /var/lib/rhsm/


From: Cedric Buissart <cbuissar () redhat com>
Date: Wed, 26 Oct 2016 17:09:42 +0200

Hi,

This is to disclose the following CVE:

CVE-2016-4455: subscription-manager: incorrect permissions in /var/lib/rhsm/
Description :

It was found that subscription-manager assigned incorrect permissions to
content in /var/lib/rhsm/, causing an information disclosure flaw. An
unprivileged local attacker could use this flaw to access sensitive data
that could later be used for a social engineering attack.
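A defender-side check for this class of flaw, added here as an example and not taken from the advisory or from subscription-manager's own code: walk a state directory and list every entry whose mode grants the read bit to "other", which is what turns stored data into an information disclosure for any local account. The advisory does not name the affected files or the corrected modes, so the demo tree below (file names, modes and contents) is constructed for illustration only.

```python
import os
import stat
import tempfile


def world_readable_entries(root):
    """Return (relative path, octal mode) for every entry under `root`
    whose mode grants the read bit to 'other', sorted by path. The root
    directory itself is reported as '.' if it is world-readable."""
    findings = []

    def check(path, rel):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            return  # a symlink's own mode bits are not meaningful on Linux
        if st.st_mode & stat.S_IROTH:
            findings.append((rel, oct(stat.S_IMODE(st.st_mode))))

    check(root, ".")
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            check(path, os.path.relpath(path, root))
    return sorted(findings)


def build_demo_tree():
    """Constructed sample tree standing in for a state directory such as
    /var/lib/rhsm/ (hypothetical names and modes, not the real layout)."""
    root = tempfile.mkdtemp(prefix="rhsm-demo-")
    os.chmod(root, 0o700)

    def write(rel, mode, data=b"sample\n"):
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)

    os.mkdir(os.path.join(root, "cache"))
    os.chmod(os.path.join(root, "cache"), 0o700)
    write("private.json", 0o600)                   # owner-only: not reported
    write("leaky.json", 0o644)                     # readable by any local user
    write(os.path.join("cache", "index"), 0o640)   # group-readable only: not reported
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for rel, mode in world_readable_entries(demo_root):
        print(f"world-readable: {rel} ({mode})")
```

To audit a real host, call `world_readable_entries("/var/lib/rhsm")` in place of the demo tree; since the advisory does not state the intended modes, treat the output as a review list to compare against the upstream fix rather than as a definitive verdict.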

Upstream patch :
https://github.com/candlepin/subscription-manager/commit/9dec31

Impact : Low
CVSSv2 scoring : 1.7 - AV:L/AC:L/Au:S/C:P/I:N/A:N
CVSSv3 scoring : 3.3 - AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reported by : Robert Scheck

Best regards,


-- 
Cedric Buissart,
Product Security
