CVE-2012-6137
First published: Fri Dec 07 2012(Updated: )
A security flaw was found in the way rhn-migrate-classic-to-rhsm tool of subscription-manager, a suite of tools and libraries for subscription and repository management, performed migration of system profiles, registered with Red Hat Network Classic to Customer Portal Subscription Management (certificate of Red Hat Network Classic server was not verified for validity). A rogue server could use this flaw to conduct man-in-the-middle (MiTM) attacks, possibly leading to their ability to obtain user credentials, that would be used for authentication of that particular user at Red Hat Network Classic server before the system profile(s) migration. This issue was found by Florian Weimer of Red Hat Product Security Team.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux | =5 | |
| redhat enterprise Linux desktop | =5.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux eus | =5.9.z | |
| Red Hat Enterprise Linux HPC Node | =6 | |
| Red Hat Enterprise Linux | =5.9 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server aus | =6.4 | |
| redhat enterprise Linux server eus | =6.4.z | |
| redhat enterprise Linux workstation | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/93058
- http://rhn.redhat.com/errata/RHSA-2013-0788.html
- http://secunia.com/advisories/53330
- http://www.securityfocus.com/bid/59674
- http://www.securitytracker.com/id/1028520
- https://bugzilla.redhat.com/show_bug.cgi?id=885130
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84020
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=885130#c2
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=704258&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=704258&action=edit
- https://access.redhat.com/security/cve/CVE-2012-6137
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=960257
- https://rhn.redhat.com/errata/RHSA-2013-0788.html
Frequently Asked Questions
What is the severity of CVE-2012-6137?
CVE-2012-6137 is rated as a moderate severity vulnerability.
How do I fix CVE-2012-6137?
To fix CVE-2012-6137, ensure you apply the latest updates provided by Red Hat for affected versions.
Which software is affected by CVE-2012-6137?
CVE-2012-6137 affects various versions of Red Hat Enterprise Linux, including 5 and 6 series.
What is the nature of the vulnerability in CVE-2012-6137?
CVE-2012-6137 is a security flaw in the rhn-migrate-classic-to-rhsm tool used for system profile migrations.
Is there a workaround for CVE-2012-6137?
Currently, there are no specific workarounds for CVE-2012-6137 other than upgrading to patched versions.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-6137
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/5.9.z
- canonical/red hat enterprise linux hpc node
- version/red hat enterprise linux hpc node/6
- version/red hat enterprise linux/5.9
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/6.4
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/6.4.z
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0