oss-sec mailing list archives
CVE-2016-4455: subscription-manager: incorrect permissions in /var/lib/rhsm/
From: Cedric Buissart <cbuissar () redhat com>
Date: Wed, 26 Oct 2016 17:09:42 +0200
Hi,

This is to disclose the following CVE:

CVE-2016-4455: subscription-manager: incorrect permissions in /var/lib/rhsm/

Description :
It was found that subscription-manager assigned incorrect permissions to content in /var/lib/rhsm/, causing an information disclosure flaw. An unprivileged local attacker could use this flaw to access sensitive data that could later be used for a social engineering attack.

Upstream patch :
https://github.com/candlepin/subscription-manager/commit/9dec31

Impact : Low
CVSSv2 scoring : 1.7 - AV:L/AC:L/Au:S/C:P/I:N/A:N
CVSSv3 scoring : 3.3 - AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reported by : Robert Scheck

Best regards,
--
Cedric Buissart, Product Security
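A local audit for the condition the advisory above describes, as an added example that is not part of the original post or the upstream patch. It assumes exposure means any permission bit granted to "other" (the advisory does not list the exact modes); `audit_other_access`, `demo_constructed_tree` and the sample file names are hypothetical.

```shell
# Added example, not from the advisory or the upstream patch.
# Assumption: exposure = any r/w/x bit for "other"; the advisory does not
# list the exact modes involved. Requires GNU find (-perm /MODE, -printf).

# audit_other_access DIR
# Prints "<mode> <owner>:<group> <path>" for each entry under DIR that a user
# outside the owner and group can reach. Directories without o+x are pruned:
# nothing below them can be opened by "other", whatever the file modes say.
# Ancestors of DIR (e.g. /var, /var/lib) are assumed to be traversable.
# Returns 0 if clean, 1 if anything is exposed, 2 if DIR is not a directory.
audit_other_access() {
    aoa_dir=$1
    [ -d "$aoa_dir" ] || { echo "audit: $aoa_dir: not a directory" >&2; return 2; }
    # Symlinks are skipped: their own mode bits carry no meaning.
    aoa_hits=$(find "$aoa_dir" ! -type l \( -perm /007 -printf '%m %u:%g %p\n' \) , \
                    \( -type d ! -perm -001 -prune \) 2>/dev/null | sort -k3)
    [ -z "$aoa_hits" ] && return 0
    printf '%s\n' "$aoa_hits"
    return 1
}

# demo_constructed_tree: builds a throwaway tree (constructed sample, file
# names are made up) and audits it. "closed" is mode 750, so the 644 file
# inside it is not reported; the 644 file under "open" is.
demo_constructed_tree() {
    demo_root=$(mktemp -d) || return 2
    mkdir -p "$demo_root/rhsm/open" "$demo_root/rhsm/closed"
    : > "$demo_root/rhsm/open/sample.json"
    : > "$demo_root/rhsm/closed/sample.json"
    chmod 755 "$demo_root/rhsm" "$demo_root/rhsm/open"
    chmod 750 "$demo_root/rhsm/closed"
    chmod 644 "$demo_root/rhsm/open/sample.json" "$demo_root/rhsm/closed/sample.json"
    audit_other_access "$demo_root/rhsm"
    demo_rc=$?
    rm -rf "$demo_root"
    return "$demo_rc"
}

# Usage on a real host (run as root so every subdirectory can be read):
#   audit_other_access /var/lib/rhsm
```

A non-zero return on a patched system is a prompt to review each listed entry, since the audit flags access by "other" without judging whether a given file is sensitive.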