The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Link | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1340525 | patch, vdb entry, third party advisory, issue tracking |
http://www.securitytracker.com/id/1038083 | third party advisory, vdb entry |
http://www.openwall.com/lists/oss-security/2016/10/26/5 | patch, mailing list, third party advisory |
http://www.securityfocus.com/bid/93926 | third party advisory, vdb entry |
http://rhn.redhat.com/errata/RHSA-2016-2592.html | vendor advisory, third party advisory, vdb entry |
https://github.com/candlepin/subscription-manager/commit/9dec31 | third party advisory, patch |
https://github.com/candlepin/subscription-manager/blob/subscription-manager-1.17.7-1/subscription-manager.spec | third party advisory |
http://rhn.redhat.com/errata/RHSA-2017-0698.html | vendor advisory, third party advisory, vdb entry |
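
A check for the weak-permission condition described above, as an added example that is not part of the advisory or of the subscription-manager code: it reports every directory or file under a given path that grants any permission to "other" users, and can strip those bits. The directory paths are supplied by the caller (none are taken from the advisory) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit cache directories for permissions granted to "other".
# Paths are passed as arguments; they are assumptions of the caller,
# not values from the advisory.

# Print every directory or file under "$1" with any "other" bit set
# (read 004, write 002, execute/search 001). Mode 755 matches; 750 does not.
world_accessible() {
    find "$1" \( -type d -o -type f \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 when nothing under "$1" is accessible to "other", 1 otherwise.
audit_cache_dir() {
    hits=$(world_accessible "$1")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/WEAK: /'
        return 1
    fi
    return 0
}

# Remove all "other" bits recursively (755 -> 750, 644 -> 640).
restrict_cache_dir() {
    chmod -R o-rwx "$1"
}

# Audit each directory named on the command line, if any.
if [ "$#" -gt 0 ]; then
    status=0
    for dir in "$@"; do
        audit_cache_dir "$dir" || status=1
    done
    [ "$status" -eq 0 ] || echo "one or more paths are readable by other users" >&2
fi
```

Run it with the cache directories to audit as arguments; `restrict_cache_dir` is only defined, not called, so tightening a path is an explicit step.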