Date: Wed, 26 Oct 2016 17:09:42 +0200
From: Cedric Buissart <cbuissar@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-4455: subscription-manager: incorrect permissions in /var/lib/rhsm/

Hi,

This is to disclose the following CVE:

CVE-2016-4455: subscription-manager: incorrect permissions in /var/lib/rhsm/

Description :
It was found that subscription-manager assigned incorrect permissions to content in /var/lib/rhsm/, causing an information disclosure flaw. An unprivileged local attacker could use this flaw to access sensitive data that could later be used for a social engineering attack.

Upstream patch :
https://github.com/candlepin/subscription-manager/commit/9dec31

Impact : Low
CVSSv2 scoring : 1.7 - AV:L/AC:L/Au:S/C:P/I:N/A:N
CVSSv3 scoring : 3.3 - AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reported by : Robert Scheck

Best regards,

--
Cedric Buissart,
Product Security
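An audit check for the condition the advisory describes, added here as an example and not taken from the advisory or from subscription-manager: it lists every file or directory under a tree that grants any permission bit to "other", i.e. to unprivileged local users. The function names are hypothetical, and the advisory does not state which modes the fixed package sets, so any "other" bit is reported for review.

```shell
#!/bin/sh
# Added example (not project code): audit a directory tree for entries
# that unprivileged local users ("other") can read, write or traverse.
# Assumption: any o+r, o+w or o+x bit is worth reviewing; the advisory
# does not list the intended modes for /var/lib/rhsm/.

# Print the path of every non-symlink entry at or below $1 that has at
# least one "other" permission bit set. Returns 2 if $1 is no directory.
other_access_paths() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Symlinks are skipped: their own mode bits are not enforced.
    find "$dir" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of entries reported by other_access_paths for $1.
count_other_access() {
    other_access_paths "$1" | wc -l | tr -d ' '
}

# Human-readable report: mode, owner, group and path of each finding.
report_other_access() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -exec ls -ld {} +
}

# Run only when a directory is passed on the command line, for example:
#   sh audit.sh /var/lib/rhsm
if [ -n "${1:-}" ]; then
    report_other_access "$1"
    echo "entries accessible to other: $(count_other_access "$1")"
fi
```

Run it as root so that `find` can descend into directories that are already restricted.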