CVE-2012-6116
katello-configure < 1.3.3.pulpv2 - Unauthenticated Arbitrary File Write via Weak Candlepin Bootstrap RPM Permissions
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
References (5)
Patch (x_refsource_confirm): https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/52774
Patch (x_refsource_confirm): https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-0547.html
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-0686.html
Scores
EPSS: 0.0023
EPSS Percentile: 13.6%
Details
CWE: CWE-264
Status: published
Products (2)
katello/katello
katello/katello-configure: < 1.3.2_pulpv2
Published: Mar 01, 2013
Tracked Since: Feb 18, 2026