SB2016093005 - Information Disclosure in Red Hat Enterprise Linux Server for Red Hat Enterprise Linux for x86_64
Published: September 30, 2016 Updated: September 30, 2016
Security Bulletin ID
SB2016093005
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information Disclosure (CVE-ID: CVE-2016-5432)
The vulnerability allows a remote unathanticated user to obtain potentially sensitive information on the target system.The weakness is caused by improper checking of authentication details. As such details are user with provision*db options before storing the output in log files, attackers can access passwords and in the log files.
Successful exploitation of the vulnerability may result in access to potentially sensitive data and further attacks.
Remediation
Install update from vendor's website.