Back to search
CVE-2016-4455
Published: Apr 14, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=1340525
x_refsource_CONFIRM
1038083
vdb-entry
x_refsource_SECTRACK
[oss-security] 20161026 CVE-2016-4455: subscription-manager: incorrect permisions in /var/lib/rhsm/
mailing-list
x_refsource_MLIST
93926
vdb-entry
x_refsource_BID
RHSA-2016:2592
vendor-advisory
x_refsource_REDHAT
https://github.com/candlepin/subscription-manager/commit/9dec31
x_refsource_CONFIRM
RHSA-2017:0698
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now