Lucene search

Veracode Vulnerability DatabaseVERACODE:13832

HistoryMay 02, 2019 - 4:41 a.m.

Privilege Escalation

2019-05-0204:41:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

JSON

Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service (IaaS) product that lets you create and manage private and public clouds. This update fixes bugs in and adds enhancements to the System Engine packages, and upgrades the system to CloudForms 1.1. This update also fixes the following security issues: It was discovered that Katello did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to download consumer certificates or change settings of other users’ systems if they knew the target system’s UUID. (CVE-2012-5603) It was discovered that Pulp logged administrative passwords to a world readable log file. A local attacker could use this flaw to control systems deployed and managed by CloudForms. (CVE-2012-3538) It was discovered that the Pulp configuration file pulp.conf was installed as world readable. A local attacker could use this flaw to view the administrative password, allowing them to control systems deployed and managed by CloudForms. (CVE-2012-4574) It was discovered that grinder used insecure permissions for its cache directory. A local attacker could use this flaw to access or modify files in the cache. (CVE-2012-5605) The CVE-2012-5603 issue was discovered by Lukas Zapletal of Red Hat; CVE-2012-3538 was discovered by James Laska of Red Hat; CVE-2012-4574 was discovered by Kurt Seifried of Red Hat; and CVE-2012-5605 was discovered by James Labocki of Red Hat. After upgrading to these new packages, follow the instructions in the “4.1. Upgrading CloudForms System Engine” section of the CloudForms 1.1 Installation Guide: https://access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Installation_Guide/index.html To view the full list of changes in this update, view the CloudForms Technical Notes: https://access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Technical_Notes/index.html Users are advised to upgrade to these updated CloudForms System Engine packages, which resolve these issues and add these enhancements.

CPENameOperatorVersion
katello-selinuxeq0.1.5__3.el6
katello-selinuxeq0.1.10__1.el6
katello-selinuxeq0.2.4__1.el6_2
katello-configureeq0.1.111__1.el6cf
katello-configureeq0.1.107__1.el6
katello-configureeq0.1.64__7.el6
katello-configureeq0.3.7__1.el6_2
katelloeq0.3.4__1.el6_2
katelloeq0.1.311__1.el6_2
katelloeq0.1.320__1.el6cf

Name	Operator	Version
katello-selinux	eq	0.1.5__3.el6
katello-selinux	eq	0.1.10__1.el6
katello-selinux	eq	0.2.4__1.el6_2
katello-configure	eq	0.1.111__1.el6cf
katello-configure	eq	0.1.107__1.el6
katello-configure	eq	0.1.64__7.el6
katello-configure	eq	0.3.7__1.el6_2
katello	eq	0.3.4__1.el6_2
katello	eq	0.1.311__1.el6_2
katello	eq	0.1.320__1.el6cf

Rows per page:

1-10 of 901

References

osvdb.org/88141

rhn.redhat.com/errata/RHSA-2012-1543.html

secunia.com/advisories/51472

www.securityfocus.com/bid/56819

access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Installation_Guide/index.html

access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Technical_Notes/index.html

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=746765

bugzilla.redhat.com/show_bug.cgi?id=753128

bugzilla.redhat.com/show_bug.cgi?id=760180

bugzilla.redhat.com/show_bug.cgi?id=766694

bugzilla.redhat.com/show_bug.cgi?id=769559

bugzilla.redhat.com/show_bug.cgi?id=782954

bugzilla.redhat.com/show_bug.cgi?id=786176

bugzilla.redhat.com/show_bug.cgi?id=786226

bugzilla.redhat.com/show_bug.cgi?id=787184

bugzilla.redhat.com/show_bug.cgi?id=787305

bugzilla.redhat.com/show_bug.cgi?id=789139

bugzilla.redhat.com/show_bug.cgi?id=789535

bugzilla.redhat.com/show_bug.cgi?id=790138

bugzilla.redhat.com/show_bug.cgi?id=790342

bugzilla.redhat.com/show_bug.cgi?id=796047

bugzilla.redhat.com/show_bug.cgi?id=796972

bugzilla.redhat.com/show_bug.cgi?id=797299

bugzilla.redhat.com/show_bug.cgi?id=797321

bugzilla.redhat.com/show_bug.cgi?id=797412

bugzilla.redhat.com/show_bug.cgi?id=799538

bugzilla.redhat.com/show_bug.cgi?id=800529

bugzilla.redhat.com/show_bug.cgi?id=801454

bugzilla.redhat.com/show_bug.cgi?id=801580

bugzilla.redhat.com/show_bug.cgi?id=802925

bugzilla.redhat.com/show_bug.cgi?id=803548

bugzilla.redhat.com/show_bug.cgi?id=803702

bugzilla.redhat.com/show_bug.cgi?id=803728

bugzilla.redhat.com/show_bug.cgi?id=803761

bugzilla.redhat.com/show_bug.cgi?id=804127

bugzilla.redhat.com/show_bug.cgi?id=804555

bugzilla.redhat.com/show_bug.cgi?id=804610

bugzilla.redhat.com/show_bug.cgi?id=804685

bugzilla.redhat.com/show_bug.cgi?id=805027

bugzilla.redhat.com/show_bug.cgi?id=805412

bugzilla.redhat.com/show_bug.cgi?id=805627

bugzilla.redhat.com/show_bug.cgi?id=805709

bugzilla.redhat.com/show_bug.cgi?id=805956

bugzilla.redhat.com/show_bug.cgi?id=806076

bugzilla.redhat.com/show_bug.cgi?id=806078

bugzilla.redhat.com/show_bug.cgi?id=806083

bugzilla.redhat.com/show_bug.cgi?id=806353

bugzilla.redhat.com/show_bug.cgi?id=806879

bugzilla.redhat.com/show_bug.cgi?id=806940

bugzilla.redhat.com/show_bug.cgi?id=806969

bugzilla.redhat.com/show_bug.cgi?id=807288

bugzilla.redhat.com/show_bug.cgi?id=807291

bugzilla.redhat.com/show_bug.cgi?id=807468

bugzilla.redhat.com/show_bug.cgi?id=807804

bugzilla.redhat.com/show_bug.cgi?id=808172

bugzilla.redhat.com/show_bug.cgi?id=808437

bugzilla.redhat.com/show_bug.cgi?id=809259

bugzilla.redhat.com/show_bug.cgi?id=810378

bugzilla.redhat.com/show_bug.cgi?id=810945

bugzilla.redhat.com/show_bug.cgi?id=811556

bugzilla.redhat.com/show_bug.cgi?id=811564

bugzilla.redhat.com/show_bug.cgi?id=812417

bugzilla.redhat.com/show_bug.cgi?id=813675

bugzilla.redhat.com/show_bug.cgi?id=815308

bugzilla.redhat.com/show_bug.cgi?id=815802

bugzilla.redhat.com/show_bug.cgi?id=816935

bugzilla.redhat.com/show_bug.cgi?id=817123

bugzilla.redhat.com/show_bug.cgi?id=818204

bugzilla.redhat.com/show_bug.cgi?id=818261

bugzilla.redhat.com/show_bug.cgi?id=818370

bugzilla.redhat.com/show_bug.cgi?id=819593

bugzilla.redhat.com/show_bug.cgi?id=819941

bugzilla.redhat.com/show_bug.cgi?id=820373

bugzilla.redhat.com/show_bug.cgi?id=820385

bugzilla.redhat.com/show_bug.cgi?id=820624

bugzilla.redhat.com/show_bug.cgi?id=820626

bugzilla.redhat.com/show_bug.cgi?id=820630

bugzilla.redhat.com/show_bug.cgi?id=821345

bugzilla.redhat.com/show_bug.cgi?id=821644

bugzilla.redhat.com/show_bug.cgi?id=821929

bugzilla.redhat.com/show_bug.cgi?id=822119

bugzilla.redhat.com/show_bug.cgi?id=822484

bugzilla.redhat.com/show_bug.cgi?id=823688

bugzilla.redhat.com/show_bug.cgi?id=824069

bugzilla.redhat.com/show_bug.cgi?id=824581

bugzilla.redhat.com/show_bug.cgi?id=826581

bugzilla.redhat.com/show_bug.cgi?id=827087

bugzilla.redhat.com/show_bug.cgi?id=827108

bugzilla.redhat.com/show_bug.cgi?id=828447

bugzilla.redhat.com/show_bug.cgi?id=828533

bugzilla.redhat.com/show_bug.cgi?id=829208

bugzilla.redhat.com/show_bug.cgi?id=829437

bugzilla.redhat.com/show_bug.cgi?id=829794

bugzilla.redhat.com/show_bug.cgi?id=830176

bugzilla.redhat.com/show_bug.cgi?id=831664

bugzilla.redhat.com/show_bug.cgi?id=834006

bugzilla.redhat.com/show_bug.cgi?id=834013

bugzilla.redhat.com/show_bug.cgi?id=834242

bugzilla.redhat.com/show_bug.cgi?id=834646

bugzilla.redhat.com/show_bug.cgi?id=834697

bugzilla.redhat.com/show_bug.cgi?id=835586

bugzilla.redhat.com/show_bug.cgi?id=835591

bugzilla.redhat.com/show_bug.cgi?id=835875

bugzilla.redhat.com/show_bug.cgi?id=836339

bugzilla.redhat.com/show_bug.cgi?id=836575

bugzilla.redhat.com/show_bug.cgi?id=837000

bugzilla.redhat.com/show_bug.cgi?id=839005

bugzilla.redhat.com/show_bug.cgi?id=840616

bugzilla.redhat.com/show_bug.cgi?id=840624

bugzilla.redhat.com/show_bug.cgi?id=840625

bugzilla.redhat.com/show_bug.cgi?id=841000

bugzilla.redhat.com/show_bug.cgi?id=841289

bugzilla.redhat.com/show_bug.cgi?id=841300

bugzilla.redhat.com/show_bug.cgi?id=841310

bugzilla.redhat.com/show_bug.cgi?id=841686

bugzilla.redhat.com/show_bug.cgi?id=841691

bugzilla.redhat.com/show_bug.cgi?id=841984

bugzilla.redhat.com/show_bug.cgi?id=841998

bugzilla.redhat.com/show_bug.cgi?id=842003

bugzilla.redhat.com/show_bug.cgi?id=842005

bugzilla.redhat.com/show_bug.cgi?id=842010

bugzilla.redhat.com/show_bug.cgi?id=842252

bugzilla.redhat.com/show_bug.cgi?id=842256

bugzilla.redhat.com/show_bug.cgi?id=842271

bugzilla.redhat.com/show_bug.cgi?id=842569

bugzilla.redhat.com/show_bug.cgi?id=842838

bugzilla.redhat.com/show_bug.cgi?id=842858

bugzilla.redhat.com/show_bug.cgi?id=843059

bugzilla.redhat.com/show_bug.cgi?id=843061

bugzilla.redhat.com/show_bug.cgi?id=843064

bugzilla.redhat.com/show_bug.cgi?id=843161

bugzilla.redhat.com/show_bug.cgi?id=843165

bugzilla.redhat.com/show_bug.cgi?id=843462

bugzilla.redhat.com/show_bug.cgi?id=843529

bugzilla.redhat.com/show_bug.cgi?id=843845

bugzilla.redhat.com/show_bug.cgi?id=844414

bugzilla.redhat.com/show_bug.cgi?id=844417

bugzilla.redhat.com/show_bug.cgi?id=844678

bugzilla.redhat.com/show_bug.cgi?id=844796

bugzilla.redhat.com/show_bug.cgi?id=844806

bugzilla.redhat.com/show_bug.cgi?id=845060

bugzilla.redhat.com/show_bug.cgi?id=845096

bugzilla.redhat.com/show_bug.cgi?id=845198

bugzilla.redhat.com/show_bug.cgi?id=845224

bugzilla.redhat.com/show_bug.cgi?id=845576

bugzilla.redhat.com/show_bug.cgi?id=845580

bugzilla.redhat.com/show_bug.cgi?id=845613

bugzilla.redhat.com/show_bug.cgi?id=845668

bugzilla.redhat.com/show_bug.cgi?id=845995

bugzilla.redhat.com/show_bug.cgi?id=846251

bugzilla.redhat.com/show_bug.cgi?id=846482

bugzilla.redhat.com/show_bug.cgi?id=846719

bugzilla.redhat.com/show_bug.cgi?id=847002

bugzilla.redhat.com/show_bug.cgi?id=847115

bugzilla.redhat.com/show_bug.cgi?id=847858

bugzilla.redhat.com/show_bug.cgi?id=848038

bugzilla.redhat.com/show_bug.cgi?id=849224

bugzilla.redhat.com/show_bug.cgi?id=850342

bugzilla.redhat.com/show_bug.cgi?id=850790

bugzilla.redhat.com/show_bug.cgi?id=851080

bugzilla.redhat.com/show_bug.cgi?id=851142

bugzilla.redhat.com/show_bug.cgi?id=851512

bugzilla.redhat.com/show_bug.cgi?id=852006

bugzilla.redhat.com/show_bug.cgi?id=852119

bugzilla.redhat.com/show_bug.cgi?id=852167

bugzilla.redhat.com/show_bug.cgi?id=852316

bugzilla.redhat.com/show_bug.cgi?id=852388

bugzilla.redhat.com/show_bug.cgi?id=852791

bugzilla.redhat.com/show_bug.cgi?id=852804

bugzilla.redhat.com/show_bug.cgi?id=853056

bugzilla.redhat.com/show_bug.cgi?id=853229

bugzilla.redhat.com/show_bug.cgi?id=853356

bugzilla.redhat.com/show_bug.cgi?id=853445

bugzilla.redhat.com/show_bug.cgi?id=853995

bugzilla.redhat.com/show_bug.cgi?id=854697

bugzilla.redhat.com/show_bug.cgi?id=855184

bugzilla.redhat.com/show_bug.cgi?id=855267

bugzilla.redhat.com/show_bug.cgi?id=855406

bugzilla.redhat.com/show_bug.cgi?id=856220

bugzilla.redhat.com/show_bug.cgi?id=857078

bugzilla.redhat.com/show_bug.cgi?id=857230

bugzilla.redhat.com/show_bug.cgi?id=857274

bugzilla.redhat.com/show_bug.cgi?id=857499

bugzilla.redhat.com/show_bug.cgi?id=857539

bugzilla.redhat.com/show_bug.cgi?id=857550

bugzilla.redhat.com/show_bug.cgi?id=857574

bugzilla.redhat.com/show_bug.cgi?id=857720

bugzilla.redhat.com/show_bug.cgi?id=857727

bugzilla.redhat.com/show_bug.cgi?id=857842

bugzilla.redhat.com/show_bug.cgi?id=858011

bugzilla.redhat.com/show_bug.cgi?id=858013

bugzilla.redhat.com/show_bug.cgi?id=858038

bugzilla.redhat.com/show_bug.cgi?id=858193

bugzilla.redhat.com/show_bug.cgi?id=858277

bugzilla.redhat.com/show_bug.cgi?id=858358

bugzilla.redhat.com/show_bug.cgi?id=858360

bugzilla.redhat.com/show_bug.cgi?id=858363

bugzilla.redhat.com/show_bug.cgi?id=858661

bugzilla.redhat.com/show_bug.cgi?id=858678

bugzilla.redhat.com/show_bug.cgi?id=858682

bugzilla.redhat.com/show_bug.cgi?id=858706

bugzilla.redhat.com/show_bug.cgi?id=858960

bugzilla.redhat.com/show_bug.cgi?id=859329

bugzilla.redhat.com/show_bug.cgi?id=859407

bugzilla.redhat.com/show_bug.cgi?id=859415

bugzilla.redhat.com/show_bug.cgi?id=859442

bugzilla.redhat.com/show_bug.cgi?id=859604

bugzilla.redhat.com/show_bug.cgi?id=859784

bugzilla.redhat.com/show_bug.cgi?id=859963

bugzilla.redhat.com/show_bug.cgi?id=860251

bugzilla.redhat.com/show_bug.cgi?id=860421

bugzilla.redhat.com/show_bug.cgi?id=860702

bugzilla.redhat.com/show_bug.cgi?id=860709

bugzilla.redhat.com/show_bug.cgi?id=862441

bugzilla.redhat.com/show_bug.cgi?id=862997

bugzilla.redhat.com/show_bug.cgi?id=863187

bugzilla.redhat.com/show_bug.cgi?id=863252

bugzilla.redhat.com/show_bug.cgi?id=864216

bugzilla.redhat.com/show_bug.cgi?id=864372

bugzilla.redhat.com/show_bug.cgi?id=864936

bugzilla.redhat.com/show_bug.cgi?id=864999

bugzilla.redhat.com/show_bug.cgi?id=865528

bugzilla.redhat.com/show_bug.cgi?id=865811

bugzilla.redhat.com/show_bug.cgi?id=869575

bugzilla.redhat.com/show_bug.cgi?id=871086

bugzilla.redhat.com/show_bug.cgi?id=872096

bugzilla.redhat.com/show_bug.cgi?id=872305

bugzilla.redhat.com/show_bug.cgi?id=873850

bugzilla.redhat.com/show_bug.cgi?id=874160

bugzilla.redhat.com/show_bug.cgi?id=874185

bugzilla.redhat.com/show_bug.cgi?id=874768

bugzilla.redhat.com/show_bug.cgi?id=882138

exchange.xforce.ibmcloud.com/vulnerabilities/80550

rhn.redhat.com/errata/RHSA-2012-1543.html

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:13832