Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.870991
Kategorie:Red Hat Local Security Checks
Titel:RedHat Update for subscription-manager RHSA-2013:0788-01
Zusammenfassung:The remote host is missing an update for the 'subscription-manager'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'subscription-manager'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The subscription-manager packages provide programs and libraries to allow
users to manage subscriptions and yum repositories from the Red Hat
Entitlement platform.

It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify
the Red Hat Network Classic server's X.509 certificate when migrating
system profiles registered with Red Hat Network Classic to
Certificate-based Red Hat Network. An attacker could use this flaw to
conduct man-in-the-middle attacks, allowing them to obtain the user's Red
Hat Network credentials. (CVE-2012-6137)

This issue was discovered by Florian Weimer of the Red Hat Product Security
Team.

All users of subscription-manager are advised to upgrade to these updated
packages, which contain a backported patch to fix this issue.

Affected Software/OS:
subscription-manager on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-6137
BugTraq ID: 59674
http://www.securityfocus.com/bid/59674
http://osvdb.org/93058
RedHat Security Advisories: RHSA-2013:0788
http://rhn.redhat.com/errata/RHSA-2013-0788.html
http://www.securitytracker.com/id/1028520
http://secunia.com/advisories/53330
XForce ISS Database: redhat-ssl-cve20126137-sec-bypass(84020)
https://exchange.xforce.ibmcloud.com/vulnerabilities/84020
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.