Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.1
CVE Id CVE-2013-4455
Last Modified 15 May 2014 09:11:16
Published 14 May 2014 03:55:09
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2013-4455

Summary

Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.

Vulnerable Systems

Application

  • Katello Installer 0.0.1

  • Katello Installer 0.0.10

  • Katello Installer 0.0.11

  • Katello Installer 0.0.12

  • Katello Installer 0.0.13

  • Katello Installer 0.0.14

  • Katello Installer 0.0.15

  • Katello Installer 0.0.16

  • Katello Installer 0.0.17

  • Katello Installer 0.0.2

  • Katello Installer 0.0.3

  • Katello Installer 0.0.4

  • Katello Installer 0.0.5

  • Katello Installer 0.0.6

  • Katello Installer 0.0.7

  • Katello Installer 0.0.8

  • Katello Installer 0.0.9


References

CONFIRM - https://github.com/Katello/katello-installer/commit/15e01086bcb3f5d42525730e8b162bca11bec85e

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1021784


Last Updated: 27 May 2016 11:05:17