CVE-2012-6116

Published: Mar 1, 2013Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.

Affected (2)

Products: Katello: Katello, Katello Configure

Katello

2 products

Katello

Katello Configure

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Katello Katello	All versions
Katello Katello Configure	Up to 1.3.2_pulpv2

Related CWEs

CWE-264

References (10)

http://rhn.redhat.com/errata/RHSA-2013-0547.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0686.html

Source: secalert@redhat.com

http://secunia.com/advisories/52774

Source: secalert@redhat.com

https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec

Source: secalert@redhat.com

https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0547.html