Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.
secunia.com/advisories/33540
securitytracker.com/id?1021608
www.securityfocus.com/bid/33288
www.vupen.com/english/advisories/2009/0145
bugzilla.redhat.com/show_bug.cgi?id=451998
exchange.xforce.ibmcloud.com/vulnerabilities/48021
rhn.redhat.com/errata/RHSA-2009-0006.html
rhn.redhat.com/errata/RHSA-2009-0007.html