modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Katello | Katello | - (including) | - (including) |
| Katello-configure | Katello | * | 1.3.2_pulpv2 (including) |
| CloudForms for RHEL 6 | RedHat | candlepin-0:0.7.19-3.el6cf | * |
| CloudForms for RHEL 6 | RedHat | katello-0:1.1.12.2-5.el6cf | * |
| CloudForms for RHEL 6 | RedHat | katello-cli-0:1.1.8-14.el6cf | * |
| CloudForms for RHEL 6 | RedHat | katello-configure-0:1.1.9-13.el6cf | * |
| CloudForms for RHEL 6 | RedHat | katello-selinux-0:1.1.1-5.el6cf | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | candlepin-0:0.7.24-1.el6_3 | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | katello-0:1.2.1.1-1h.el6_4 | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | katello-configure-0:1.2.3.1-4h.el6_4 | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | rubygem-actionpack-1:3.0.10-12.el6cf | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | rubygem-activemodel-0:3.0.10-3.el6cf | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | rubygem-delayed_job-0:2.1.4-3.el6cf | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | rubygem-json-0:1.7.3-2.el6_3 | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | rubygem-rack-1:1.3.0-4.el6cf | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | rubygem-rails_warden-0:0.5.5-2.el6cf | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | rubygem-rdoc-0:3.8-6.el6cf | * |
| Red Hat Subscription Asset Manager 1.2 | RedHat | thumbslug-0:0.0.28.1-1.el6_4 | * |