CVE-2016-4455

Published: Apr 14, 2017Modified: May 13, 2026

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.

Affected (9)

Products: Redhat: Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server, Enterprise Linux Workstation, Subscription Manager

5 products

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Enterprise Linux Server

Enterprise Linux Workstation

Subscription Manager

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Hpc Node	Version 6.0
Redhat Enterprise Linux Hpc Node	Version 7.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Subscription Manager	Up to 1.17.6-1

Related CWEs

References (16)

http://rhn.redhat.com/errata/RHSA-2016-2592.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://rhn.redhat.com/errata/RHSA-2017-0698.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2016/10/26/5

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/93926

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038083

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1340525

Source: secalert@redhat.com

Issue TrackingPatchThird Party AdvisoryVDB Entry

https://github.com/candlepin/subscription-manager/blob/subscription-manager-1.17.7-1/subscription-manager.spec

Source: secalert@redhat.com

Third Party Advisory

https://github.com/candlepin/subscription-manager/commit/9dec31

Source: secalert@redhat.com

PatchThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2592.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://rhn.redhat.com/errata/RHSA-2017-0698.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2016/10/26/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/93926

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038083

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1340525

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party AdvisoryVDB Entry

https://github.com/candlepin/subscription-manager/blob/subscription-manager-1.17.7-1/subscription-manager.spec

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/candlepin/subscription-manager/commit/9dec31

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.