* Technical Description *
Red Hat has released a security patch to correct a vulnerability identified in sysreport. When run by the root user, sysreport includes the contents of the "/etc/sysconfig/rhn/up2date" configuration file. If up2date has been configured to connect to a proxy server that requires an authentication password, that password is included in plain text in the system report.
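Reports generated before the patch may still hold the password, so archived copies are worth checking. The script below is an added example, not part of the advisory or of Red Hat's fix: it lists captured up2date files that contain a proxy password without printing the value, and masks the value in a copy. It assumes the reports have been extracted under one directory and that the password is stored under the up2date key "proxyPassword"; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Red Hat's fix. Assumption: the proxy password is stored
# as a "proxyPassword=<value>" line in the captured up2date file.

# List every file named "up2date" under directory $1 that holds a non-empty
# proxyPassword value. The value itself is never printed.
find_leaked_passwords() {
    find "$1" -type f -name up2date | while IFS= read -r f; do
        if grep -Eq '^[[:space:]]*proxyPassword[[:space:]]*=[[:space:]]*[^[:space:]]' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Copy stdin to stdout with any non-empty proxyPassword value masked.
# The "proxyPassword[comment]=" description line is left untouched.
redact_up2date() {
    sed -E 's/^([[:space:]]*proxyPassword[[:space:]]*=)[[:space:]]*[^[:space:]].*/\1REDACTED/'
}

# Build a constructed sample tree standing in for two extracted reports.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/host1/etc/sysconfig/rhn" "$d/host2/etc/sysconfig/rhn"
    cat > "$d/host1/etc/sysconfig/rhn/up2date" <<'EOF'
enableProxyAuth=1
proxyUser=updates
proxyPassword[comment]=The password to use for an authenticated proxy
proxyPassword=Constructed-Example-1
EOF
    cat > "$d/host2/etc/sysconfig/rhn/up2date" <<'EOF'
enableProxyAuth=0
proxyPassword=
EOF
    printf '%s\n' "$d"
}

# Usage: sh check.sh /path/to/extracted/reports
if [ "$#" -gt 0 ]; then
    find_leaked_passwords "$1"
fi
```

Any proxy password found this way should be treated as exposed and changed on the proxy, since the report may already have been shared.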
* Affected Products *
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
* Solution *
Use Red Hat Network to download and update your packages:
http://rhn.redhat.com/
* References *
http://www.frsirt.com/english/advisories/2005/0760
http://rhn.redhat.com/errata/RHSA-2005-502.html