FKIE_CVE-2012-6116
Vulnerability from fkie_nvd - Published: 2013-03-01 05:40 - Updated: 2025-04-11 00:51
Summary
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| katello | katello | - |
| katello | katello-configure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:katello:katello:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B029A7B4-A3BE-4AC8-A6D0-C8FC2552492D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:katello:katello-configure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B46FF535-5CF9-4030-B586-FC99BFC114E4",
"versionEndIncluding": "1.3.2_pulpv2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file."
},
{
"lang": "es",
"value": "modules/certs/manifests/config.pp en katello-configure antes de v1.3.3.pulpv2 en Katello usa permisos d\u00e9biles (666) para el Candlepin bootstrap RPM, que permite a usuarios locales modificar el certificado CA Candlepin escribiendo en este fichero."
}
],
"id": "CVE-2012-6116",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-01T05:40:16.910",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0547.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/52774"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0547.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/52774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.