CVE-2012-2679

Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:rhncfg:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:39

Type Values Removed Values Added
References () http://rhn.redhat.com/errata/RHSA-2012-1369.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2012-1369.html - Vendor Advisory
References () http://secunia.com/advisories/50978 - Vendor Advisory () http://secunia.com/advisories/50978 - Vendor Advisory
References () http://www.securityfocus.com/bid/55934 - () http://www.securityfocus.com/bid/55934 -
References () http://www.securitytracker.com/id?1027661 - () http://www.securitytracker.com/id?1027661 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=825275 - () https://bugzilla.redhat.com/show_bug.cgi?id=825275 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/79260 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/79260 -

Information

Published : 2012-10-22 23:55

Updated : 2024-11-21 01:39


NVD link : CVE-2012-2679

Mitre link : CVE-2012-2679

CVE.ORG link : CVE-2012-2679


JSON object : View

Products Affected

redhat

  • rhncfg
CWE
CWE-264

Permissions, Privileges, and Access Controls