Required CVE Record Information
Description
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
References 5 Total
- https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec
- secunia.com: 52774 third-party-advisory
- https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d
- rhn.redhat.com: RHSA-2013:0547 vendor-advisory
- rhn.redhat.com: RHSA-2013:0686 vendor-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec x_transferred
- secunia.com: 52774 third-party-advisoryx_transferred
- https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d x_transferred
- rhn.redhat.com: RHSA-2013:0547 vendor-advisoryx_transferred
- rhn.redhat.com: RHSA-2013:0686 vendor-advisoryx_transferred