Vulnerability Details : CVE-2010-1439
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.
Exploit prediction scoring system (EPSS) score for CVE-2010-1439
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2010-1439
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.6 | LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N | 3.9 | 4.9 | NIST |
CWE ids for CVE-2010-1439
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1439
- https://bugzilla.redhat.com/show_bug.cgi?id=585386
  585386 – (CVE-2010-1439) CVE-2010-1439 rhn-client-tools: authorized information disclosure
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59114
  Red Hat rhn-client-tools loginAuth.pkl security bypass CVE-2010-1439 Vulnerability Report
- http://securitytracker.com/id?1024049
  Red Hat Network Client Tools Lets Local Users Obtain RHN Access Password - SecurityTracker
- http://www.redhat.com/support/errata/RHSA-2010-0449.html
  Support
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9232
  Repository / Oval Repository
- http://www.securityfocus.com/bid/40492
  Red Hat Client Tools 'loginAuth.pkl' Local Security Bypass Vulnerability
- http://www.vupen.com/english/advisories/2010/1311
  Vendor Advisory
Products affected by CVE-2010-1439
- cpe:2.3:a:redhat:yum-rhn-plugin:*:*:*:*:*:*:*:*
  When used together with: Redhat » Rhn-client-tools
  When used together with: Fedoraproject » Fedora