Vulnerability Description
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
CVSS Score
LOW (CVSS base score 2.1)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Katello | Katello | - |
| Katello | Katello-Configure | <= 1.3.2_pulpv2 |
References
- http://rhn.redhat.com/errata/RHSA-2013-0547.html
- http://rhn.redhat.com/errata/RHSA-2013-0686.html
- http://secunia.com/advisories/52774
- https://github.com/Katello/katello/commits/master/katello-configure/katello-conf
- https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf
FAQ
What is CVE-2012-6116?
CVE-2012-6116 is a vulnerability with a CVSS score of 2.1 (LOW). In katello-configure before 1.3.3.pulpv2 in Katello, modules/certs/manifests/config.pp uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
How severe is CVE-2012-6116?
CVE-2012-6116 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6116?
Check the references section above for vendor advisories and patch information. Affected products include Katello and Katello-Configure.