Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 26 Oct 2016 17:09:42 +0200
From: Cedric Buissart <cbuissar@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-4455: subscription-manager: incorrect permisions in /var/lib/rhsm/

Hi,

This is to disclose the following CVE:

CVE-2016-4455: subscription-manager: incorrect permissions in /var/lib/rhsm/
Description :

It was found that subscription-manager assigned incorrect permissions to
content in /var/lib/rhsm/, causing an information disclosure flaw. An
unprivileged local attacker could use this flaw to access sensitive data
that could later be used for a social engineering attack.

Upstream patch :
https://github.com/candlepin/subscription-manager/commit/9dec31

Impact : Low
CVSSv2 scoring : 1.7 - AV:L/AC:L/Au:S/C:P/I:N/A:N
CVSSv3 scoring : 3.3 - AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reported by : Robert Scheck

Best regards,


-- 
Cedric Buissart,
Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.