CVE-2010-1439

Name of the Vulnerable Software and Affected Versions Red Hat Network Client Tools (aka rhn-client-tools) versions on Red Hat Enterprise Linux (RHEL) 5 and Fedora

Description The issue concerns the yum-rhn-plugin in Red Hat Network Client Tools, which uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file. This allows local users to access the Red Hat Network profile by leveraging authentication data from this file, and possibly prevent future security updates.

Recommendations For Red Hat Enterprise Linux (RHEL) 5 and Fedora, consider changing the permissions of the /var/spool/up2date/loginAuth.pkl file to prevent world-readable access until a patch is available. As a temporary workaround, restrict access to the loginAuth.pkl file to minimize the risk of exploitation.