Upstream information

CVE-2012-2679 at MITRE

Description

Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 2.1
  Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
  Access Vector: Local
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: None
  Availability Impact: None

SUSE Bugzilla entry: 766148 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References

SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS
  • rhn-virtualization-common >= 5.4.15-0.15.2
  • rhn-virtualization-host >= 5.4.15-0.15.2
  • rhncfg >= 5.9.33-0.20.1
  • rhncfg-actions >= 5.9.33-0.20.1
  • rhncfg-client >= 5.9.33-0.20.1
  • rhncfg-management >= 5.9.33-0.20.1
Patchnames:
slesctsp1-client-tools-201206

SUSE Linux Enterprise Server for SAP Applications 11 SP1-CLIENT-TOOLS
  • rhn-virtualization-common >= 5.4.15-0.15.2
  • rhn-virtualization-host >= 5.4.15-0.15.2
  • rhncfg >= 5.9.33-0.20.1
  • rhncfg-actions >= 5.9.33-0.20.1
  • rhncfg-client >= 5.9.33-0.20.1
  • rhncfg-management >= 5.9.33-0.20.1
Patchnames:
slesctsp1-client-tools-201206

SUSE Manager Client Tools for RES 6
  • rhn-virtualization-common >= 5.4.15-0.16.1
  • rhn-virtualization-host >= 5.4.15-0.16.1
  • rhncfg >= 5.9.33-0.21.1
  • rhncfg-actions >= 5.9.33-0.21.1
  • rhncfg-client >= 5.9.33-0.21.1
  • rhncfg-management >= 5.9.33-0.21.1

SLE CLIENT TOOLS 10 for PPC
SLE CLIENT TOOLS 10 for ia64
SLE CLIENT TOOLS 10 for s390x
SLE CLIENT TOOLS 10 for x86
SLE CLIENT TOOLS 10 for x86_64
  • rhncfg >= 5.9.33-0.11.1
  • rhncfg-actions >= 5.9.33-0.11.1
  • rhncfg-client >= 5.9.33-0.11.1
  • rhncfg-management >= 5.9.33-0.11.1
Builds
ZYPP Patch Nr: 8192

SUSE Manager Client Tools for RES 5
  • rhn-virtualization-common >= 5.4.15-0.16.1
  • rhn-virtualization-host >= 5.4.15-0.16.1
  • rhncfg >= 5.9.33-0.21.1
  • rhncfg-actions >= 5.9.33-0.21.1
  • rhncfg-client >= 5.9.33-0.21.1
  • rhncfg-management >= 5.9.33-0.21.1

SUSE Manager Client Tools for SLE 11 SP1
  • rhn-virtualization-common >= 5.4.15-0.15.2
  • rhn-virtualization-host >= 5.4.15-0.15.2
  • rhncfg >= 5.9.33-0.20.1
  • rhncfg-actions >= 5.9.33-0.20.1
  • rhncfg-client >= 5.9.33-0.20.1
  • rhncfg-management >= 5.9.33-0.20.1
Builds
SAT Patch Nr: 6443