Lucene search
PRIOn knowledge basePRION:CVE-2016-4455HistoryApr 14, 2017 - 6:59 p.m.
Design/Logic Flaw
2017-04-1418:59:00
PRIOn knowledge base
www.prio-n.com
3
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
References
rhn.redhat.com/errata/RHSA-2016-2592.html
rhn.redhat.com/errata/RHSA-2017-0698.html
www.openwall.com/lists/oss-security/2016/10/26/5
www.securityfocus.com/bid/93926
www.securitytracker.com/id/1038083
bugzilla.redhat.com/show_bug.cgi?id=1340525
github.com/candlepin/subscription-manager/blob/subscription-manager-1.17.7-1/subscription-manager.spec
github.com/candlepin/subscription-manager/commit/9dec31
Related
nessus
nessus
RHEL 6 : subscription-manager (RHSA-2017:0698)
2017-03-22 00:00:00
CentOS 7 : python-rhsm / subscription-manager (CESA-2016:2592)
2016-11-28 00:00:00
cve
cve
CVE-2016-4455
2017-04-14 18:59:00
nvd
nvd
CVE-2016-4455
2017-04-14 18:59:00
openvas
openvas
Huawei EulerOS: Security Advisory for subscription-manager, python-rhsm (EulerOS-SA-2016-1069)
2020-01-23 00:00:00
RedHat Update for subscription-manager RHSA-2017:0698-01
2017-03-22 00:00:00
RedHat Update for subscription-manager RHSA-2016:2592-02
2016-11-04 00:00:00
redhatcve
redhatcve
CVE-2016-4455
2016-12-15 20:17:33
osv
osv
CVE-2016-4455
2017-04-14 18:59:00
redhat
redhat
cvelist
cvelist
CVE-2016-4455
2017-04-14 18:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:14:19
centos
centos
python, subscription security update
2016-11-25 15:43:55