CVE-2008-2367
First published: Wed Jun 18 2008(Updated: )
It was discovered that Red Hat Certificate System use insecure default file permissions on configuration files (such as password.conf) that may contain authentication credentials or other sensitive information that should only be accessible to administrative and service users. This problem allows any local user to read Red Hat Certificate System configuration files.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Certificate System | =7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1021608
- http://secunia.com/advisories/33540
- https://bugzilla.redhat.com/show_bug.cgi?id=451998
- https://rhn.redhat.com/errata/RHSA-2009-0006.html
- http://www.securityfocus.com/bid/33288
- https://rhn.redhat.com/errata/RHSA-2009-0007.html
- http://www.vupen.com/english/advisories/2009/0145
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48021
- http://rhn.redhat.com/errata/RHSA-2009-0006.html
- http://rhn.redhat.com/errata/RHSA-2009-0007.html
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/severity
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-2367
- agent/trending
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/redhat
- canonical/red hat certificate system
- version/red hat certificate system/7.2