CVE-2012-6116

Name of the Vulnerable Software and Affected Versions Katello versions prior to 1.3.3.pulpv2

Description The issue is related to weak permissions used by the katello-configure module in Katello. Specifically, the modules/certs/manifests/config.pp file uses weak permissions (666) for the Candlepin bootstrap RPM, allowing local users to modify the Candlepin CA certificate by writing to this file.

Recommendations For versions prior to 1.3.3.pulpv2, update to version 1.3.3.pulpv2 or later to resolve the issue. As a temporary workaround, consider restricting write access to the Candlepin bootstrap RPM file to prevent local users from modifying the Candlepin CA certificate.