First published: Thu Nov 22 2012
Aaron Weitekamp (aweiteka) reports:

Description of problem: /etc/katello/secure/passphrase is world readable. File and directory should be secured.

```
[root@qeblade40 ~]# ls -la /etc/katello/secure
total 12
drwxr-xr-x. 2 root root 4096 Nov 13 09:11 .
drwxr-xr-x. 3 root root 4096 Nov 14 11:22 ..
-rw-r--r--. 1 root root 65 Nov 13 09:11 passphrase
[root@qeblade40 ~]# rpm -qf /etc/katello/secure
katello-selinux-1.1.1-2.el6cf.noarch
[root@qeblade40 ~]# rpm -qf /etc/katello/secure/passphrase
file /etc/katello/secure/passphrase is not owned by any package
```

Version-Release number of selected component (if applicable): 1.1

```
[root@qeblade40 ~]# rpm -qa |grep katello
katello-cli-1.1.8-12.el6cf.noarch
katello-1.1.12-22.el6cf.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-certs-tools-1.1.8-1.el6cf.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-glue-pulp-1.1.12-22.el6cf.noarch
katello-all-1.1.12-22.el6cf.noarch
katello-cli-common-1.1.8-12.el6cf.noarch
katello-glue-candlepin-1.1.12-22.el6cf.noarch
katello-selinux-1.1.1-2.el6cf.noarch
katello-qpid-client-key-pair-1.0-1.noarch
katello-common-1.1.12-22.el6cf.noarch
katello-configure-1.1.9-12.el6cf.noarch
```

Steps to Reproduce:

1. `ls -la /etc/katello/secure`
2. `rpm -qf /etc/katello/secure`

Actual results: File and directory are world readable
Credit: secalert@redhat.com
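
An added example, not part of the report or of Katello's own code: a shell check that lists every entry under a secrets directory that grants any permission to "other", plus a tightening step. It runs against a constructed temporary tree that reproduces the modes in the listing above (`755` directory, `644` file). Removing only the "other" bits is an assumption, since the page does not state the fix or which account must read the file.

```shell
#!/bin/sh
# Added example: audit a secrets directory for world access, then tighten it.
# On a real host the argument would be /etc/katello/secure; here a constructed
# temporary tree stands in for it.

# Print each entry under $1 (the directory included) that grants read, write
# or execute to "other". Returns 0 when nothing is exposed, 1 otherwise.
audit_world_access() {
    dir=$1
    # Symlinks are skipped: their own mode bits are not what is enforced.
    exposed=$(find "$dir" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        return 1
    fi
    return 0
}

# Strip all "other" permissions, leaving owner and group untouched.
# Assumption: the page does not say which group the service needs.
harden_secret_dir() {
    chmod -R o-rwx "$1"
}

# Build a constructed sample matching the modes shown in the report.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir "$root/secure"
    printf 'constructed-sample-passphrase\n' > "$root/secure/passphrase"
    chmod 755 "$root/secure"
    chmod 644 "$root/secure/passphrase"
    printf '%s\n' "$root/secure"
}

sample=$(make_sample)
echo "Exposed before hardening:"
audit_world_access "$sample" || true
harden_secret_dir "$sample"
echo "Exposed after hardening:"
audit_world_access "$sample" && echo "(none)"
rm -rf "${sample%/secure}"
```

Because the passphrase file is not owned by any package, `rpm -V` will not report its mode, so a check like this has to run separately, for example from configuration management.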
Affected Software | Affected Version | How to fix |
---|---|---|
Katello Katello | =1.1 |