
RHSA-2013:0788-01 -- Redhat subscription-manager

ID: oval:org.secpod.oval:def:501052
Date: (C)2013-05-07   (M)2021-09-11
Class: PATCH
Family: unix




The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform.

It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server's X.509 certificate when migrating system profiles registered with Red Hat Network Classic to Certificate-based Red Hat Network. An attacker could use this flaw to conduct man-in-the-middle attacks, allowing them to obtain the user's Red Hat Network credentials.

This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

All users of subscription-manager are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.

Platform:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product:
subscription-manager
Reference:
RHSA-2013:0788-01
CVE-2012-6137
CVE    1
CVE-2012-6137
CPE    4
cpe:/o:redhat:enterprise_linux:5
cpe:/a:epractizelabs:subscription-manager
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:5::server
...

© SecPod Technologies