PT-2014-3449 · Red Hat+1 · Red Hat Enterprise Linux Openstack Platform+1
Published
2014-06-02
·
Updated
2023-02-13
·
CVE-2014-0042
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Heat Templates (heat-templates) as used in Red Hat Enterprise Linux OpenStack Platform version 4.0
Description
The issue allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors, as GPG signature checking on downloaded packages is disabled due to
gpgcheck being set to 0 for certain templates.Recommendations
For Red Hat Enterprise Linux OpenStack Platform version 4.0, consider setting
gpgcheck to 1 to enable GPG signature checking on downloaded packages as a mitigation measure.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openstack Heat Templates
Red Hat Enterprise Linux Openstack Platform