rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure Vulnerability

Bugtraq ID:	26048
Class:	Configuration Error
CVE:	CVE-2007-5686
Remote:	No
Local:	Yes
Published:	Oct 11 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	The vendor disclosed this vulnerability.
Vulnerable:	rPath rPath Linux 1 Foresight Linux Foresight Linux 1.1
Not Vulnerable:

rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure Vulnerability

rPath Linux is prone to a local information-disclosure vulnerability because scripts from the 'initscripts' package fail to set file permissions correctly on the '/var/log/btmp' file.

Attackers can leverage this issue to obtain valuable information to construct valid login credentials.

This issue affects rPath Linux 1; other versions may also be affected.

rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure Vulnerability

Solution:
The vendor released fixes to address this issue. Please see the references for more information.

rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure Vulnerability

References:

• rPath Homepage (rPath)