CVE-2016-3111

by Fred · 08/06/2017

pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.

Date published : 2017-06-08

https://bugzilla.redhat.com/attachment.cgi?id=1146522

https://bugzilla.redhat.com/show_bug.cgi?id=1326251

CVE-2016-3111

Similar

Recent Posts

Categories

CVE-2016-3111

Share this:

Similar

Recent Posts

Categories

Tags