info
discussion
exploit
solution
references
Candlepin subscription-manager CVE-2017-2663 Multiple Local Privilege Escalation Vulnerabilities
References:
1434094: Deny D-BUS Config.Set from non-root
(Candlepin)
Lock down Facts object to be accessible to root only.
(Candlepin)
subscription-manager Product Page
(Candlepin)
Bug 1434100 CVE-2017-2663 subscription-manager: unsafe dbus interface
(Redhat)
subscription-manager: CVE-2017-2663 unsafe dbus interface
(Seclists.org)
Privacy Statement
Copyright 2010, SecurityFocus