Oval Definition:oval:com.redhat.rhsa:def:20100449
Revision Date:2010-06-01Version:635
Title:RHSA-2010:0449: rhn-client-tools security update (Moderate)
Description:Red Hat Network Client Tools provide programs and libraries that allow your system to receive software updates from the Red Hat Network (RHN).

  • It was discovered that rhn-client-tools set insecure permissions on the loginAuth.pkl file, used to store session credentials for authenticating connections to Red Hat Network servers. A local, unprivileged user could use these credentials to download packages from the Red Hat Network. They could also manipulate package or action lists associated with the system's profile. (CVE-2010-1439)

    Users of rhn-client-tools are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2010-1439
    RHSA-2010:0449
    RHSA-2010:0449-01
    RHSA-2010:0449-01
    Platform(s):Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • rhn-check is earlier than 0:0.4.20-33.el5_5.2
  • AND rhn-check is signed with Red Hat redhatrelease2 key
  • rhn-client-tools is earlier than 0:0.4.20-33.el5_5.2
  • AND rhn-client-tools is signed with Red Hat redhatrelease2 key
  • rhn-setup is earlier than 0:0.4.20-33.el5_5.2
  • AND rhn-setup is signed with Red Hat redhatrelease2 key
  • rhn-setup-gnome is earlier than 0:0.4.20-33.el5_5.2
  • AND rhn-setup-gnome is signed with Red Hat redhatrelease2 key
    • BACK