OSVDB ID: 86396

Title: Red Hat Network (RHN) Configuration Client (rhncfg-client) /var/log/rhncfg-actions Permission Weakness Local Information Disclosure

Info

Disclosure

Oct 15, 2012

Discovery

Unknown

Dates

Exploit

Oct 15, 2012

Solution

Unknown

Description

Red Hat Network (RHN) Configuration Client (rhncfg-client) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the program setting insecure permissions on the /var/log/rhncfg-actions file. This may allow a local attacker to gain access to potentially sensitive information.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, REd Hat has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Red Hat, Inc.

Red Hat Network

Unspecified

References

Security Tracker: 1027661
CVE ID: 2012-2679 (see also: NVD)
Secunia Advisory ID: 50978
Bugtraq ID: 55934
Generic Informational URL: https://twitter.com/letoams/statuses/262258867285671936
RedHat RHSA: RHSA-2012:1369

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86396