CVE-2016-3696 – pulp: Leakage of CA key in pulp-qpid-ssl-cfg
https://notcve.org/view.php?id=CVE-2016-3696
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. El script pulp-qpid-ssl-cfg en Pulp anterior a la versión 2.8.5 permite a usuarios locales obtener la clave de autoridad de certificación. It was found that the private CA key was created in a directory that is world-readable for a small amount of time. A local user could possibly use this flaw to gain access to the private key information in the file. • https://access.redhat.com/errata/RHSA-2018:0336 https://bugzilla.redhat.com/show_bug.cgi?id=1328930 https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY https://pulp.plan.io/issues/1854 https://access.redhat.com/security/cve/CVE-2016-3696 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2016-3095
https://notcve.org/view.php?id=CVE-2016-3095
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. El archivo server/bin/pulp-gen-ca-certificate en Pulp anterior a versión 2.8.2, permite a los usuarios locales leer la clave privada generada. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html http://www.openwall.com/lists/oss-security/2016/04/06/3 http://www.openwall.com/lists/oss-security/2016/04/18/11 https://bugzilla.redhat.com/show_bug.cgi?id=1322706 https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-3108
https://notcve.org/view.php?id=CVE-2016-3108
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack. El script del archivo pulp-gen-nodes-certificate en Pulp anterior a la versión 2.8.3, permite a los usuarios locales filtrar las claves o escribir en archivos arbitrarios por medio de un ataque de symlink. • http://www.openwall.com/lists/oss-security/2016/05/20/1 https://access.redhat.com/errata/RHBA-2016:1501 https://bugzilla.redhat.com/attachment.cgi?id=1146475 https://bugzilla.redhat.com/show_bug.cgi?id=1325934 https://github.com/pulp/pulp/pull/2528 https://pulp.plan.io/issues/1830 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2016-3111
https://notcve.org/view.php?id=CVE-2016-3111
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running. pulp.spec en el proceso de instalación para Pulp 2.8.3 genera pares de claves RSA empleadas para validar mensajes entre el servidor pulp y los usuarios de pulp en un directorio que puede ser leído por cualquier usuario antes de modificar los permisos. Esto puede permitir que los usuarios locales lean las claves RSA generadas mediante la lectura de archivos de claves mientras se está ejecutando el proceso de instalación. • http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317 http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620 http://www.openwall.com/lists/oss-security/2016/05/20/1 https://access.redhat.com/errata/RHBA-2016:1501 https://bugzilla.redhat.com/attachment.cgi?id=1146522 https://bugzilla.redhat.com/show_bug.cgi?id=1326251 https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486 https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-3112
https://notcve.org/view.php?id=CVE-2016-3112
client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user. client/consumer/cli.py en Pulp, en versiones anteriores a la 2.8.3, escribe claves privadas del usuario en etc/pki/pulp/consumer/consumer-cert.pem de forma legible para todos los usuarios, lo que permite que usuarios autenticados remotos obtengan las claves privadas de los consumidores y eleven privilegios mediante la lectura de /etc/pki/pulp/consumer/consumer-cert y autenticándose como el usuario consumidor. • http://www.openwall.com/lists/oss-security/2016/05/20/1 https://access.redhat.com/errata/RHBA-2016:1501 https://bugzilla.redhat.com/attachment.cgi?id=1146538 https://bugzilla.redhat.com/show_bug.cgi?id=1326242 https://pulp.plan.io/issues/1834 • CWE-284: Improper Access Control •