CVE-2012-6116 – Candlepin: bootstrap RPM deploys CA certificate file with mode 666
https://notcve.org/view.php?id=CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
• http://rhn.redhat.com/errata/RHSA-2013-0547.html
• http://rhn.redhat.com/errata/RHSA-2013-0686.html
• http://secunia.com/advisories/52774
• https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec
• https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d
• https://access.redhat.com/security/cve/CVE-2012-6116
• https://bugzilla.redhat.com/show_bug.cgi?id=906207
• CWE-264: Permissions, Privileges, and Access Controls