CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service (IaaS) product that lets you create and manage private and public clouds. This update fixes bugs in and adds enhancements to the System Engine packages, and upgrades the system to CloudForms 1.1.

This update also fixes the following security issues:

It was discovered that Katello did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to download consumer certificates or change settings of other users’ systems if they knew the target system’s UUID. (CVE-2012-5603)

It was discovered that Pulp logged administrative passwords to a world readable log file. A local attacker could use this flaw to control systems deployed and managed by CloudForms. (CVE-2012-3538)

It was discovered that the Pulp configuration file pulp.conf was installed as world readable. A local attacker could use this flaw to view the administrative password, allowing them to control systems deployed and managed by CloudForms. (CVE-2012-4574)

It was discovered that grinder used insecure permissions for its cache directory. A local attacker could use this flaw to access or modify files in the cache. (CVE-2012-5605)

The CVE-2012-5603 issue was discovered by Lukas Zapletal of Red Hat; CVE-2012-3538 was discovered by James Laska of Red Hat; CVE-2012-4574 was discovered by Kurt Seifried of Red Hat; and CVE-2012-5605 was discovered by James Labocki of Red Hat.

After upgrading to these new packages, follow the instructions in the “4.1. Upgrading CloudForms System Engine” section of the CloudForms 1.1 Installation Guide: https://access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Installation_Guide/index.html

To view the full list of changes in this update, view the CloudForms Technical Notes: https://access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Technical_Notes/index.html

Users are advised to upgrade to these updated CloudForms System Engine packages, which resolve these issues and add these enhancements.

osvdb.org/88141
rhn.redhat.com/errata/RHSA-2012-1543.html
secunia.com/advisories/51472
www.securityfocus.com/bid/56819
access.redhat.com/security/updates/classification/#important
exchange.xforce.ibmcloud.com/vulnerabilities/80550