Description
Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.
Affected products
- RedHat / certificate_system7.2 – 7.2
References
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=451998
- VENDOR_ADVISORYhttp://secunia.com/advisories/33540
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/0145
- MISChttp://www.securityfocus.com/bid/33288
- MISChttp://securitytracker.com/id?1021608
- MISChttps://rhn.redhat.com/errata/RHSA-2009-0006.html
- MISChttps://rhn.redhat.com/errata/RHSA-2009-0007.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/48021