Lucene search

K
cve[email protected]CVE-2012-6116
HistoryMar 01, 2013 - 5:40 a.m.

CVE-2012-6116

2013-03-0105:40:16
CWE-264
web.nvd.nist.gov
26
cve-2012-6116
katello-configure
weak permissions
candlepin
rpm
local users
security vulnerability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

5.1%

modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.

Affected configurations

NVD
Node
katellokatelloMatch-
OR
katellokatello-configureRange1.3.2_pulpv2

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

5.1%