The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Certificate_system | Redhat | * | 8.1.1 (including) |
| Certificate_system | Redhat | 7.1 (including) | 7.1 (including) |
| Certificate_system | Redhat | 7.2 (including) | 7.2 (including) |
| Certificate_system | Redhat | 7.3 (including) | 7.3 (including) |
| Certificate_system | Redhat | 8 (including) | 8 (including) |
| Certificate_system | Redhat | 8.0 (including) | 8.0 (including) |
| Certificate_system | Redhat | 8.1 (including) | 8.1 (including) |
| Red Hat Certificate System 8 | RedHat | pki-common-0:8.1.3-2.el5pki | * |
| Red Hat Certificate System 8 | RedHat | pki-tps-0:8.1.3-2.el5pki | * |
References
- http://rhn.redhat.com/errata/RHSA-2012-1550.html
- http://secunia.com/advisories/51482
- http://www.securityfocus.com/bid/56843
- http://www.securitytracker.com/id?1027846
- https://bugzilla.redhat.com/show_bug.cgi?id=869570
- http://rhn.redhat.com/errata/RHSA-2012-1550.html
- http://secunia.com/advisories/51482
- http://www.securityfocus.com/bid/56843
- http://www.securitytracker.com/id?1027846
- https://bugzilla.redhat.com/show_bug.cgi?id=869570