CVE-2008-2368 (GCVE-0-2008-2368)
Vulnerability from cvelistv5
Published
2009-01-20 16:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:58:02.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "33540", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33540" }, { "name": "ADV-2009-0145", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0145" }, { "name": "33288", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/33288" }, { "name": "1021608", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1021608" }, { "name": "RHSA-2009:0006", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-0006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "name": "RHSA-2009:0007", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html" }, { "name": "redhat-cs-debuglog-info-disclosure(48022)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-01-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "33540", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33540" }, { "name": "ADV-2009-0145", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0145" }, { "name": "33288", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/33288" }, { "name": "1021608", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1021608" }, { "name": "RHSA-2009:0006", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-0006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "name": "RHSA-2009:0007", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html" }, { "name": "redhat-cs-debuglog-info-disclosure(48022)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2368", "datePublished": "2009-01-20T16:00:00", "dateReserved": "2008-05-21T00:00:00", "dateUpdated": "2024-08-07T08:58:02.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2008-2368\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-01-20T16:30:00.280\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Red Hat Certificate System 7.2 stores passwords in cleartext in the 
UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.\"},{\"lang\":\"es\",\"value\":\"Red Hat Certificate System 7.2 almacena contrase\u00f1as en texto claro en el log UserDirEnrollment, el log RA wizard installer, y otros ficheros de log de errores sin especificar, y utiliza la debilidad en los permisos para esos ficheros, lo que permite a usuarios locales descubrir contrase\u00f1as leyendo los ficheros.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27FE079E-FB15-443C-BE2E-1D4C940BB8C0\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/33540\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021608\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/33288\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0145\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=452000\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48022\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-0006.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-0007.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33540\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021608\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/33288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0145\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=452000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48022\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-0006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-0007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
RHSA-2009:0007
Vulnerability from csaf_redhat
Published
2009-01-29 09:31
Modified
2025-09-25 11:37
Summary
Red Hat Security Advisory: rhpki security and bug fix update
Notes
Topic
Updated rhpki-common packages that fix security issues are now available
for Red Hat Certificate System 7.3.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
It was discovered that Red Hat Certificate System used insecure default
file permissions on certain configuration files (for example,
password.conf) that may contain authentication credentials. These
credentials should only be accessible to administrative and service users.
A local user could use this flaw to read Red Hat Certificate System
configuration files containing sensitive information. (CVE-2008-2367)
It was discovered that Red Hat Certificate System stored plain text
passwords in multiple debug log files with insufficient access restrictions
(for example, the UserDirEnrollment log and the RA wizard installer log). A
local user could use this flaw to extract plain text passwords from the Red
Hat Certificate System debug log files. (CVE-2008-2368)
It was discovered that the Token Processing System (TPS) component of the
Red Hat Certificate System did not properly verify the challenge response
received during the enrollment of a new security token. An attacker with
access to a blank token known to the TPS component and with privileges to
perform new token enrollments could use this flaw to complete the
enrollment procedure with a software-generated key instead of the key
stored in the hardware token. (CVE-2008-5082)
These updated packages fix the following bugs:
* The end-entities enrollment pages have been updated to support the
certenroll.dll library used on Microsoft Vista, so Internet Explorer can
be used to enroll certificates on Vista.
* The password used by the LDAP publisher was improperly stored in the CA
configuration. This essentially required that the LDAP publishing password
had to be the same as the internal database (LDAP directory) password, or
LDAP publishing would break. A new parameter was added to the CA CS.cfg
file to define an LDAP publishing password parameter in the CA's
password.conf file.
* The secure ports used by subsystem interfaces — the administrative
console, agent pages, and end-entities pages — are, by default, the same.
It is possible with this erratum to run those services on separate ports,
which provides additional protection by prohibiting agents and users from
accessing the same TCP port and web services directory.
* The certificate policies extension was not processed by CMSServlet.
* Any IP Address defined in a certificate's SubjectAltName parameter was
improperly coded as an 8-byte number, with the last 4 bytes trailing zeros
(00 00 00 00).
* The subject name uniqueness plug-in in the CA profiles, which enforces
unique names for all active certificates, would reject a certificate
request which reused a subject name even if the previous certificate had
been revoked or expired.
* The TPS dependencies have been changed from MozLDAP5 to MozLDAP6.
All users of Red Hat Certificate System 7.3 should upgrade to these updated
packages, which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated rhpki-common packages that fix security issues are now available\nfor Red Hat Certificate System 7.3.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nIt was discovered that Red Hat Certificate System used insecure default\nfile permissions on certain configuration files (for example,\npassword.conf) that may contain authentication credentials. These \ncredentials should only be accessible to administrative and service users. \nA local user could use this flaw to read Red Hat Certificate System \nconfiguration files containing sensitive information. (CVE-2008-2367)\n\nIt was discovered that Red Hat Certificate System stored plain text\npasswords in multiple debug log files with insufficient access restrictions\n(for example, the UserDirEnrollment log and the RA wizard installer log). A\nlocal user could use this flaw to extract plain text passwords from the Red\nHat Certificate System debug log files. (CVE-2008-2368)\n\nIt was discovered that the Token Processing System (TPS) component of the\nRed Hat Certificate System did not properly verify the challenge response\nreceived during the enrollment of a new security token. 
An attacker with\naccess to a blank token known to the TPS component and with privileges to\nperform new token enrollments could use this flaw to complete the\nenrollment procedure with a software-generated key instead of the key\nstored in the hardware token. (CVE-2008-5082)\n\nThese updated packages fix the following bugs:\n\n* The end-entities enrollment pages have been updated to support the \ncertenroll.dll library used on Microsoft Vista, so Internet Explorer can \nbe used on to enroll certificates on Vista.\n\n* The password used by the LDAP publisher was improperly stored in the CA \nconfiguration. This essentially required that the LDAP publishing password\nhad to be the same as the internal database (LDAP directory) password, or \nLDAP publishing would break. A new parameter was added to the CA CS.cfg \nfile to define an LDAP publishing password parameter in the CA\u0027s \npassword.conf file.\n\n* The secure ports used by subsystem interfaces \u2014 the administrative \nconsole, agent pages, and end-entities pages \u2014 are, by default, the same. 
\nIt is possible with this errata to run those services on separate port,\nwhich provides additional protection by prohibiting agents and users from\naccessing the same TCP port and web services directory.\n\n* The certificate policies extension was not processed by CMSServlet.\n\n* Any IP Address defined in a certificate\u0027s SubjectAltName parameter was \nimproperly coded as an 8-byte number, with the last 4 bytes trailing zeros \n(00 00 00 00).\n\n* The subject name uniqueness plug-in in the CA profiles, which enforces \nunique names for all active certificates, would reject a certificate \nrequest which reused a subject name even if the previous certificate had \nbeen revoked or expired.\n\n* The TPS dependences have been changed from MozLDAP5 to MozLDAP6.\n\nAll users of Red Hat Certificate System 7.3 should upgrade to these updated\npackages, which resolves these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:0007", "url": "https://access.redhat.com/errata/RHSA-2009:0007" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "external", "summary": "459049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459049" }, { "category": "external", "summary": "475998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0007.json" } ], "title": "Red Hat Security Advisory: rhpki security and bug fix update", "tracking": { "current_release_date": "2025-09-25T11:37:58+00:00", "generator": { "date": "2025-09-25T11:37:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.8" } }, "id": "RHSA-2009:0007", "initial_release_date": "2009-01-29T09:31:00+00:00", "revision_history": [ { "date": "2009-01-29T09:31:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-01-29T04:31:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-09-25T11:37:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { 
"branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4AS", "product": { "name": "Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } }, { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4ES", "product": { "name": "Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } } ], "category": "product_family", "name": "Red Hat Certificate System" }, { "branches": [ { "category": "product_version", "name": "pkisetup-0:7.3.0-14.el4.noarch", "product": { "name": "pkisetup-0:7.3.0-14.el4.noarch", "product_id": "pkisetup-0:7.3.0-14.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pkisetup@7.3.0-14.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "product": { "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "product_id": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-11.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ra-0:7.3.0-67.el4.noarch", "product": { "name": "rhpki-ra-0:7.3.0-67.el4.noarch", "product_id": "rhpki-ra-0:7.3.0-67.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ra@7.3.0-67.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ca-0:7.3.0-17.el4.noarch", "product": { "name": "rhpki-ca-0:7.3.0-17.el4.noarch", "product_id": "rhpki-ca-0:7.3.0-17.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-17.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-tks-0:7.3.0-12.el4.noarch", "product": { "name": "rhpki-tks-0:7.3.0-12.el4.noarch", "product_id": "rhpki-tks-0:7.3.0-12.el4.noarch", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-12.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-util-0:7.3.0-20.el4.noarch", "product": { "name": "rhpki-util-0:7.3.0-20.el4.noarch", "product_id": "rhpki-util-0:7.3.0-20.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-util@7.3.0-20.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-kra-0:7.3.0-13.el4.noarch", "product": { "name": "rhpki-kra-0:7.3.0-13.el4.noarch", "product_id": "rhpki-kra-0:7.3.0-13.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-13.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-common-0:7.3.0-40.el4.noarch", "product": { "name": "rhpki-common-0:7.3.0-40.el4.noarch", "product_id": "rhpki-common-0:7.3.0-40.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-common@7.3.0-40.el4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.3.0-23.el4.x86_64", "product": { "name": "rhpki-tps-0:7.3.0-23.el4.x86_64", "product_id": "rhpki-tps-0:7.3.0-23.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.3.0-23.el4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.3.0-23.el4.i386", "product": { "name": "rhpki-tps-0:7.3.0-23.el4.i386", "product_id": "rhpki-tps-0:7.3.0-23.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.3.0-23.el4?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch" }, "product_reference": 
"pkisetup-0:7.3.0-14.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.3.0-17.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch" }, "product_reference": "rhpki-ca-0:7.3.0-17.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.3.0-40.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch" }, "product_reference": "rhpki-common-0:7.3.0-40.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-kra-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch" }, "product_reference": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ra-0:7.3.0-67.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch" }, "product_reference": "rhpki-ra-0:7.3.0-67.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.3.0-12.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch" }, "product_reference": 
"rhpki-tks-0:7.3.0-12.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386" }, "product_reference": "rhpki-tps-0:7.3.0-23.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64" }, "product_reference": "rhpki-tps-0:7.3.0-23.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-util-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" }, "product_reference": "rhpki-util-0:7.3.0-20.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch" }, "product_reference": "pkisetup-0:7.3.0-14.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.3.0-17.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch" }, "product_reference": "rhpki-ca-0:7.3.0-17.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.3.0-40.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch" }, "product_reference": 
"rhpki-common-0:7.3.0-40.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-kra-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch" }, "product_reference": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ra-0:7.3.0-67.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch" }, "product_reference": "rhpki-ra-0:7.3.0-67.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.3.0-12.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch" }, "product_reference": "rhpki-tks-0:7.3.0-12.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386" }, "product_reference": "rhpki-tps-0:7.3.0-23.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64" }, "product_reference": 
"rhpki-tps-0:7.3.0-23.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-util-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" }, "product_reference": "rhpki-util-0:7.3.0-20.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-2367", "discovery_date": "2007-07-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "451998" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: insecure config file permissions", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ] }, "references": [ 
{ "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2367" }, { "category": "external", "summary": "RHBZ#451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2367", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2367" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-29T09:31:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages, in .pkg format, are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. 
This packages\nshould be installed or upgraded using Solaris-native package management\ntools.\n\nFor detailed installation instructions, see Chapter 2, \"Installation and\nConfiguration\", of the Red Hat Certificate System 7.3 Administration Guide:\nhttp://redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Installation_and_Configuration.html", "product_ids": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0007" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: insecure config file permissions" }, { "cve": "CVE-2008-2368", "discovery_date": "2007-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "452000" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows 
local users to discover passwords by reading the files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: plain text passwords stored in debug log", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2368" }, { "category": "external", "summary": "RHBZ#452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2368", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2368" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-29T09:31:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, 
make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages, in .pkg format, are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. This packages\nshould be installed or upgraded using Solaris-native package management\ntools.\n\nFor detailed installation instructions, see Chapter 2, \"Installation and\nConfiguration\", of the Red Hat Certificate System 7.3 Administration Guide:\nhttp://redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Installation_and_Configuration.html", "product_ids": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0007" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"System: plain text passwords stored in debug log" }, { "cve": "CVE-2008-5082", "discovery_date": "2008-11-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "475998" } ], "notes": [ { "category": "description", "text": "The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: missing public key challenge proof verification in the TPS component", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5082" }, { "category": "external", "summary": 
"RHBZ#475998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5082", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5082" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5082", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5082" } ], "release_date": "2009-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-29T09:31:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages, in .pkg format, are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. 
This packages\nshould be installed or upgraded using Solaris-native package management\ntools.\n\nFor detailed installation instructions, see Chapter 2, \"Installation and\nConfiguration\", of the Red Hat Certificate System 7.3 Administration Guide:\nhttp://redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Installation_and_Configuration.html", "product_ids": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0007" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: missing public key challenge proof verification in the TPS component" } ] }
RHSA-2009:0006
Vulnerability from csaf_redhat
Published
2009-01-15 09:50
Modified
2025-09-25 11:37
Summary
Red Hat Security Advisory: rhpki security and bug fix update
Notes
Topic
Updated pkisetup, rhpki-common, rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
and rhpki-tps (and rhpki-util for Solaris 9) packages that fix various
security issues and several bugs are now available for Red Hat Certificate
System 7.2.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
Red Hat Certificate System is an enterprise software system designed to
manage enterprise public key infrastructure (PKI) deployments.
It was discovered that Red Hat Certificate System used insecure default
file permissions on certain configuration files (for example,
password.conf) that may contain authentication credentials. These
credentials should only be accessible to administrative and service users.
A local user could use this flaw to read Red Hat Certificate System
configuration files containing sensitive information. (CVE-2008-2367)
Note that the update corrects the file permissions but cannot undo any
earlier disclosure: if untrusted local users had access to the system
before the update was applied, the credentials stored in those files
should be treated as potentially exposed and changed.
It was discovered that Red Hat Certificate System stored plain text
passwords in multiple debug log files with insufficient access restrictions
(such as the UserDirEnrollment log and RA wizard installer log). A local
user could use this flaw to extract plain text passwords from the Red Hat
Certificate System debug log files. (CVE-2008-2368)
Debug log files written before the update (including any rotated or
backed-up copies) may still contain plain text passwords; administrators
should review, restrict or remove such files and treat the passwords
recorded in them as potentially exposed.
These updated packages fix the following bugs:
* Due to a regression, signing a certificate revocation list (CRL) with
approximately 150,000 records may have taken up to five minutes. In these
updated packages, signing such CRLs takes approximately twenty seconds.
* Because Certificate System servers could not handle Online Certificate
Status Protocol (OCSP) requests in the GET method, OCSP GET requests
resulted in a 404 error. The same GET-handling bug may also have caused
the system to use 100% CPU. This has been resolved. Additionally,
OCSP requests are now logged to the debug log file.
* It was possible for a CRL update to run at the same time as a certificate
status update. Now, CRL updating locks out the certificate status update
thread.
* Inefficient LDAP search methods caused LDAP searches for 100,000 or
more revoked certificates to take twenty minutes or longer during CRL
generation. The LDAP search method has been modified to greatly improve
LDAP search times.
* The default OCSP verification path has changed since Red Hat Certificate
System 7.1. These updated packages add support for certificates that use
the old AuthorityInfoAccess (AIA) URL.
* An OCSP client submitting an OCSP request via the GET method may have
caused a NullPointerException.
* If an agent automatically approved a certificate signing request (CSR),
using AgentCertAuth, the resultant certificate contained blank
subjectAltName extension fields. A manual enrollment by the same agent
produced a certificate with the correct number of subjectAltNames and no
blank entries. With this update, automated enrollments through
AgentCertAuth do not have blank fields in issued certificates.
All users of Red Hat Certificate System 7.2 should upgrade to these updated
packages, which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated pkisetup, rhpki-common, rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nand rhpki-tps (and rhpki-util for Solaris 9) packages that fix various\nsecurity issues and several bugs are now available for Red Hat Certificate\nSystem 7.2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Red Hat Certificate System is an enterprise software system designed to\nmanage enterprise public key infrastructure (PKI) deployments.\n\nIt was discovered that Red Hat Certificate System used insecure default\nfile permissions on certain configuration files (for example,\npassword.conf) that may contain authentication credentials. These \ncredentials should only be accessible to administrative and service users. \nA local user could use this flaw to read Red Hat Certificate System \nconfiguration files containing sensitive information. (CVE-2008-2367)\n\nIt was discovered that Red Hat Certificate System stored plain text\npasswords in multiple debug log files with insufficient access restrictions\n(such as the UserDirEnrollment log and RA wizard installer log). A local\nuser could use this flaw to extract plain text passwords from the Red Hat\nCertificate System debug log files. (CVE-2008-2368)\n\nThese updated packages fix the following bugs:\n\n* Due to a regression, signing a certificate revocation list (CRL) with\napproximately 150,000 records may have taken up to five minutes. 
In these\nupdated packages, signing such CRLs takes approximately twenty seconds.\n\n* Because Certificate System servers could not handle Online Certificate \nStatus Protocol (OCSP) requests in the GET method, OCSP GET requests \nresulted in a 404 error. The bug for handling GET requests may have also \ncaused a system to use 100% CPU. This has been resolved. Additionally, \nOCSP requests are now logged to the debug log file.\n\n* It was possible for a CRL update to run at the same time as a certificate\nstatus update. Now, CRL updating locks out the certificate status update\nthread.\n\n* Inefficient LDAP search methods caused LDAP searches for 100,000 or \nmore revoked certificates to take twenty minutes or longer during CRL \ngeneration. The LDAP search method has been modified to greatly improve \nLDAP search times.\n\n* The default OCSP verification path has changed since Red Hat Certificate\nSystem 7.1. These updated packages add support for certificates that use\nthe old AuthorityInfoAccess (AIA) URL.\n\n* An OCSP client submitting an OCSP request via the GET method may have \ncaused a NullPointerException.\n\n* If an agent automatically approved a certificate signing request (CSR),\nusing AgentCertAuth, the resultant certificate contained blank \nsubjectAltName extension fields. A manual enrollment by the same agent \nproduced a certificate with the correct number of subjectAltNames and no \nblank entries. With this update, automated enrollments through \nAgentCertAuth do not have blank fields in issued certificates.\n\nAll users of Red Hat Certificate System 7.2 should upgrade to these updated\npackages, which resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:0006", "url": "https://access.redhat.com/errata/RHSA-2009:0006" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0006.json" } ], "title": "Red Hat Security Advisory: rhpki security and bug fix update", "tracking": { "current_release_date": "2025-09-25T11:37:58+00:00", "generator": { "date": "2025-09-25T11:37:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.8" } }, "id": "RHSA-2009:0006", "initial_release_date": "2009-01-15T09:50:00+00:00", "revision_history": [ { "date": "2009-01-15T09:50:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-01-15T04:50:42+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-09-25T11:37:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Certificate System 7.2 for 4AS", "product": { "name": "Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2", 
"product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.2" } } }, { "category": "product_name", "name": "Red Hat Certificate System 7.2 for 4ES", "product": { "name": "Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.2" } } } ], "category": "product_family", "name": "Red Hat Certificate System" }, { "branches": [ { "category": "product_version", "name": "rhpki-kra-0:7.2.0-5.noarch", "product": { "name": "rhpki-kra-0:7.2.0-5.noarch", "product_id": "rhpki-kra-0:7.2.0-5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-kra@7.2.0-5?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ocsp-0:7.2.0-5.noarch", "product": { "name": "rhpki-ocsp-0:7.2.0-5.noarch", "product_id": "rhpki-ocsp-0:7.2.0-5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ocsp@7.2.0-5?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-tks-0:7.2.0-5.noarch", "product": { "name": "rhpki-tks-0:7.2.0-5.noarch", "product_id": "rhpki-tks-0:7.2.0-5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tks@7.2.0-5?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ca-0:7.2.0-6.noarch", "product": { "name": "rhpki-ca-0:7.2.0-6.noarch", "product_id": "rhpki-ca-0:7.2.0-6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ca@7.2.0-6?arch=noarch" } } }, { "category": "product_version", "name": "pkisetup-0:7.2.0-7.noarch", "product": { "name": "pkisetup-0:7.2.0-7.noarch", "product_id": "pkisetup-0:7.2.0-7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pkisetup@7.2.0-7?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-common-0:7.2.0-16.noarch", "product": { "name": "rhpki-common-0:7.2.0-16.noarch", "product_id": "rhpki-common-0:7.2.0-16.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/rhpki-common@7.2.0-16?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.2.0-8.x86_64", "product": { "name": "rhpki-tps-0:7.2.0-8.x86_64", "product_id": "rhpki-tps-0:7.2.0-8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.2.0-8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.2.0-8.i386", "product": { "name": "rhpki-tps-0:7.2.0-8.i386", "product_id": "rhpki-tps-0:7.2.0-8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.2.0-8?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.2.0-7.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch" }, "product_reference": "pkisetup-0:7.2.0-7.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.2.0-6.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch" }, "product_reference": "rhpki-ca-0:7.2.0-6.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.2.0-16.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch" }, "product_reference": "rhpki-common-0:7.2.0-16.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch" }, 
"product_reference": "rhpki-kra-0:7.2.0-5.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch" }, "product_reference": "rhpki-ocsp-0:7.2.0-5.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch" }, "product_reference": "rhpki-tks-0:7.2.0-5.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.i386 as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386" }, "product_reference": "rhpki-tps-0:7.2.0-8.i386", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.x86_64 as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" }, "product_reference": "rhpki-tps-0:7.2.0-8.x86_64", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.2.0-7.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch" }, "product_reference": "pkisetup-0:7.2.0-7.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.2.0-6.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch" }, "product_reference": "rhpki-ca-0:7.2.0-6.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { 
"category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.2.0-16.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch" }, "product_reference": "rhpki-common-0:7.2.0-16.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch" }, "product_reference": "rhpki-kra-0:7.2.0-5.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch" }, "product_reference": "rhpki-ocsp-0:7.2.0-5.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch" }, "product_reference": "rhpki-tks-0:7.2.0-5.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.i386 as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386" }, "product_reference": "rhpki-tps-0:7.2.0-8.i386", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.x86_64 as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" }, "product_reference": "rhpki-tps-0:7.2.0-8.x86_64", "relates_to_product_reference": "4ES-CERT-7.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-2367", "discovery_date": 
"2007-07-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "451998" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: insecure config file permissions", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2367" }, { "category": "external", "summary": "RHBZ#451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2367", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2367" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-15T09:50:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this 
update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages in .pkg format are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. These packages\nshould be installed/upgraded using Solaris native package management tools.\n\nRefer to the Red Hat Certificate System Administration Guide for\ninstallation instructions:\nhttp://www.redhat.com/docs/manuals/cert-system/", "product_ids": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0006" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: insecure config file permissions" }, { "cve": "CVE-2008-2368", "discovery_date": "2007-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "452000" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses 
weak permissions for these files, which allows local users to discover passwords by reading the files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: plain text passwords stored in debug log", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2368" }, { "category": "external", "summary": "RHBZ#452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2368", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2368" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-15T09:50:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages in .pkg format are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. These packages\nshould be installed/upgraded using Solaris native package management tools.\n\nRefer to the Red Hat Certificate System Administration Guide for\ninstallation instructions:\nhttp://www.redhat.com/docs/manuals/cert-system/", "product_ids": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0006" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: plain text passwords stored in debug log" } ] }
rhsa-2009_0007
Vulnerability from csaf_redhat
Published
2009-01-29 09:31
Modified
2024-11-22 02:07
Summary
Red Hat Security Advisory: rhpki security and bug fix update
Notes
Topic
Updated rhpki-common packages that fix security issues are now available
for Red Hat Certificate System 7.3.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
It was discovered that Red Hat Certificate System used insecure default
file permissions on certain configuration files (for example,
password.conf) that may contain authentication credentials. These
credentials should only be accessible to administrative and service users.
A local user could use this flaw to read Red Hat Certificate System
configuration files containing sensitive information. (CVE-2008-2367)
After applying the update, administrators may want to confirm that the
permissions on existing configuration files such as password.conf are no
longer readable by unprivileged local users.
It was discovered that Red Hat Certificate System stored plain text
passwords in multiple debug log files with insufficient access restrictions
(for example, the UserDirEnrollment log and the RA wizard installer log). A
local user could use this flaw to extract plain text passwords from the Red
Hat Certificate System debug log files. (CVE-2008-2368)
Note that debug log files written before the update may still contain
passwords recorded by the vulnerable versions; administrators should review
or remove such logs and consider changing any credentials exposed in them.
It was discovered that the Token Processing System (TPS) component of the
Red Hat Certificate System did not properly verify the challenge response
received during the enrollment of a new security token. An attacker with
access to a blank token known to the TPS component and with privileges to
perform new token enrollments could use this flaw to complete the
enrollment procedure with a software-generated key instead of the key
stored in the hardware token. (CVE-2008-5082)
Because the flaw allowed such enrollments to complete, token enrollments
performed before this update cannot be assumed to have used a hardware-
resident key; administrators may want to review enrollments carried out by
users who held enrollment privileges while the vulnerable version was in use.
These updated packages fix the following bugs:
* The end-entities enrollment pages have been updated to support the
certenroll.dll library used on Microsoft Vista, so Internet Explorer can
be used to enroll certificates on Vista.
* The password used by the LDAP publisher was improperly stored in the CA
configuration. This essentially required that the LDAP publishing password
had to be the same as the internal database (LDAP directory) password, or
LDAP publishing would break. A new parameter was added to the CA CS.cfg
file to define an LDAP publishing password parameter in the CA's
password.conf file.
* The secure ports used by subsystem interfaces — the administrative
console, agent pages, and end-entities pages — are, by default, the same.
With this erratum it is possible to run those services on separate ports,
which provides additional protection by preventing agents and end users
from accessing the same TCP port and web services directory.
* The certificate policies extension was not processed by CMSServlet.
* Any IP Address defined in a certificate's SubjectAltName parameter was
improperly coded as an 8-byte number, with the last 4 bytes trailing zeros
(00 00 00 00).
* The subject name uniqueness plug-in in the CA profiles, which enforces
unique names for all active certificates, would reject a certificate
request which reused a subject name even if the previous certificate had
been revoked or expired.
* The TPS dependencies have been changed from MozLDAP5 to MozLDAP6.
All users of Red Hat Certificate System 7.3 should upgrade to these updated
packages, which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated rhpki-common packages that fix security issues are now available\nfor Red Hat Certificate System 7.3.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nIt was discovered that Red Hat Certificate System used insecure default\nfile permissions on certain configuration files (for example,\npassword.conf) that may contain authentication credentials. These \ncredentials should only be accessible to administrative and service users. \nA local user could use this flaw to read Red Hat Certificate System \nconfiguration files containing sensitive information. (CVE-2008-2367)\n\nIt was discovered that Red Hat Certificate System stored plain text\npasswords in multiple debug log files with insufficient access restrictions\n(for example, the UserDirEnrollment log and the RA wizard installer log). A\nlocal user could use this flaw to extract plain text passwords from the Red\nHat Certificate System debug log files. (CVE-2008-2368)\n\nIt was discovered that the Token Processing System (TPS) component of the\nRed Hat Certificate System did not properly verify the challenge response\nreceived during the enrollment of a new security token. 
An attacker with\naccess to a blank token known to the TPS component and with privileges to\nperform new token enrollments could use this flaw to complete the\nenrollment procedure with a software-generated key instead of the key\nstored in the hardware token. (CVE-2008-5082)\n\nThese updated packages fix the following bugs:\n\n* The end-entities enrollment pages have been updated to support the \ncertenroll.dll library used on Microsoft Vista, so Internet Explorer can \nbe used on to enroll certificates on Vista.\n\n* The password used by the LDAP publisher was improperly stored in the CA \nconfiguration. This essentially required that the LDAP publishing password\nhad to be the same as the internal database (LDAP directory) password, or \nLDAP publishing would break. A new parameter was added to the CA CS.cfg \nfile to define an LDAP publishing password parameter in the CA\u0027s \npassword.conf file.\n\n* The secure ports used by subsystem interfaces \u2014 the administrative \nconsole, agent pages, and end-entities pages \u2014 are, by default, the same. 
\nIt is possible with this errata to run those services on separate port,\nwhich provides additional protection by prohibiting agents and users from\naccessing the same TCP port and web services directory.\n\n* The certificate policies extension was not processed by CMSServlet.\n\n* Any IP Address defined in a certificate\u0027s SubjectAltName parameter was \nimproperly coded as an 8-byte number, with the last 4 bytes trailing zeros \n(00 00 00 00).\n\n* The subject name uniqueness plug-in in the CA profiles, which enforces \nunique names for all active certificates, would reject a certificate \nrequest which reused a subject name even if the previous certificate had \nbeen revoked or expired.\n\n* The TPS dependences have been changed from MozLDAP5 to MozLDAP6.\n\nAll users of Red Hat Certificate System 7.3 should upgrade to these updated\npackages, which resolves these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:0007", "url": "https://access.redhat.com/errata/RHSA-2009:0007" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "external", "summary": "459049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459049" }, { "category": "external", "summary": "475998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0007.json" } ], "title": "Red Hat Security Advisory: rhpki security and bug fix update", "tracking": { "current_release_date": "2024-11-22T02:07:36+00:00", "generator": { "date": "2024-11-22T02:07:36+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:0007", "initial_release_date": "2009-01-29T09:31:00+00:00", "revision_history": [ { "date": "2009-01-29T09:31:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-01-29T04:31:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T02:07:36+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { 
"branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4AS", "product": { "name": "Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } }, { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4ES", "product": { "name": "Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } } ], "category": "product_family", "name": "Red Hat Certificate System" }, { "branches": [ { "category": "product_version", "name": "pkisetup-0:7.3.0-14.el4.noarch", "product": { "name": "pkisetup-0:7.3.0-14.el4.noarch", "product_id": "pkisetup-0:7.3.0-14.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pkisetup@7.3.0-14.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "product": { "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "product_id": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-11.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ra-0:7.3.0-67.el4.noarch", "product": { "name": "rhpki-ra-0:7.3.0-67.el4.noarch", "product_id": "rhpki-ra-0:7.3.0-67.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ra@7.3.0-67.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ca-0:7.3.0-17.el4.noarch", "product": { "name": "rhpki-ca-0:7.3.0-17.el4.noarch", "product_id": "rhpki-ca-0:7.3.0-17.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-17.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-tks-0:7.3.0-12.el4.noarch", "product": { "name": "rhpki-tks-0:7.3.0-12.el4.noarch", "product_id": "rhpki-tks-0:7.3.0-12.el4.noarch", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-12.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-util-0:7.3.0-20.el4.noarch", "product": { "name": "rhpki-util-0:7.3.0-20.el4.noarch", "product_id": "rhpki-util-0:7.3.0-20.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-util@7.3.0-20.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-kra-0:7.3.0-13.el4.noarch", "product": { "name": "rhpki-kra-0:7.3.0-13.el4.noarch", "product_id": "rhpki-kra-0:7.3.0-13.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-13.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-common-0:7.3.0-40.el4.noarch", "product": { "name": "rhpki-common-0:7.3.0-40.el4.noarch", "product_id": "rhpki-common-0:7.3.0-40.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-common@7.3.0-40.el4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.3.0-23.el4.x86_64", "product": { "name": "rhpki-tps-0:7.3.0-23.el4.x86_64", "product_id": "rhpki-tps-0:7.3.0-23.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.3.0-23.el4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.3.0-23.el4.i386", "product": { "name": "rhpki-tps-0:7.3.0-23.el4.i386", "product_id": "rhpki-tps-0:7.3.0-23.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.3.0-23.el4?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch" }, "product_reference": 
"pkisetup-0:7.3.0-14.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.3.0-17.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch" }, "product_reference": "rhpki-ca-0:7.3.0-17.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.3.0-40.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch" }, "product_reference": "rhpki-common-0:7.3.0-40.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-kra-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch" }, "product_reference": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ra-0:7.3.0-67.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch" }, "product_reference": "rhpki-ra-0:7.3.0-67.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.3.0-12.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch" }, "product_reference": 
"rhpki-tks-0:7.3.0-12.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386" }, "product_reference": "rhpki-tps-0:7.3.0-23.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64" }, "product_reference": "rhpki-tps-0:7.3.0-23.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-util-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" }, "product_reference": "rhpki-util-0:7.3.0-20.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch" }, "product_reference": "pkisetup-0:7.3.0-14.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.3.0-17.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch" }, "product_reference": "rhpki-ca-0:7.3.0-17.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.3.0-40.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch" }, "product_reference": 
"rhpki-common-0:7.3.0-40.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-kra-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch" }, "product_reference": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ra-0:7.3.0-67.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch" }, "product_reference": "rhpki-ra-0:7.3.0-67.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.3.0-12.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch" }, "product_reference": "rhpki-tks-0:7.3.0-12.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386" }, "product_reference": "rhpki-tps-0:7.3.0-23.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64" }, "product_reference": 
"rhpki-tps-0:7.3.0-23.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-util-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" }, "product_reference": "rhpki-util-0:7.3.0-20.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-2367", "discovery_date": "2007-07-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "451998" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: insecure config file permissions", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ] }, "references": [ 
{ "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2367" }, { "category": "external", "summary": "RHBZ#451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2367", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2367" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-29T09:31:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages, in .pkg format, are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. 
This packages\nshould be installed or upgraded using Solaris-native package management\ntools.\n\nFor detailed installation instructions, see Chapter 2, \"Installation and\nConfiguration\", of the Red Hat Certificate System 7.3 Administration Guide:\nhttp://redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Installation_and_Configuration.html", "product_ids": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0007" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: insecure config file permissions" }, { "cve": "CVE-2008-2368", "discovery_date": "2007-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "452000" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows 
local users to discover passwords by reading the files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: plain text passwords stored in debug log", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2368" }, { "category": "external", "summary": "RHBZ#452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2368", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2368" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-29T09:31:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, 
make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages, in .pkg format, are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. This packages\nshould be installed or upgraded using Solaris-native package management\ntools.\n\nFor detailed installation instructions, see Chapter 2, \"Installation and\nConfiguration\", of the Red Hat Certificate System 7.3 Administration Guide:\nhttp://redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Installation_and_Configuration.html", "product_ids": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0007" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"System: plain text passwords stored in debug log" }, { "cve": "CVE-2008-5082", "discovery_date": "2008-11-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "475998" } ], "notes": [ { "category": "description", "text": "The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: missing public key challenge proof verification in the TPS component", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5082" }, { "category": "external", "summary": 
"RHBZ#475998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5082", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5082" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5082", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5082" } ], "release_date": "2009-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-29T09:31:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages, in .pkg format, are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. 
These packages\nshould be installed or upgraded using Solaris-native package management\ntools.\n\nFor detailed installation instructions, see Chapter 2, \"Installation and\nConfiguration\", of the Red Hat Certificate System 7.3 Administration Guide:\nhttp://redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Installation_and_Configuration.html", "product_ids": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0007" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: missing public key challenge proof verification in the TPS component" } ] }
rhsa-2009:0006
Vulnerability from csaf_redhat
Published
2009-01-15 09:50
Modified
2025-09-25 11:37
Summary
Red Hat Security Advisory: rhpki security and bug fix update
Notes
Topic
Updated pkisetup, rhpki-common, rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
and rhpki-tps (and rhpki-util for Solaris 9) packages that fix various
security issues and several bugs are now available for Red Hat Certificate
System 7.2.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
Red Hat Certificate System is an enterprise software system designed to
manage enterprise public key infrastructure (PKI) deployments.
It was discovered that Red Hat Certificate System used insecure default
file permissions on certain configuration files (for example,
password.conf) that may contain authentication credentials. These
credentials should only be accessible to administrative and service users.
A local user could use this flaw to read Red Hat Certificate System
configuration files containing sensitive information. (CVE-2008-2367)
It was discovered that Red Hat Certificate System stored plain text
passwords in multiple debug log files with insufficient access restrictions
(such as the UserDirEnrollment log and RA wizard installer log). A local
user could use this flaw to extract plain text passwords from the Red Hat
Certificate System debug log files. (CVE-2008-2368)
These updated packages fix the following bugs:
* Due to a regression, signing a certificate revocation list (CRL) with
approximately 150,000 records may have taken up to five minutes. In these
updated packages, signing such CRLs takes approximately twenty seconds.
* Because Certificate System servers could not handle Online Certificate
Status Protocol (OCSP) requests submitted via the GET method, OCSP GET
requests resulted in a 404 error. The bug in handling GET requests may also
have caused a system to use 100% CPU. This has been resolved. Additionally,
OCSP requests are now logged to the debug log file.
* It was possible for a CRL update to run at the same time as a certificate
status update. Now, CRL updating locks out the certificate status update
thread.
* Inefficient LDAP search methods caused LDAP searches for 100,000 or
more revoked certificates to take twenty minutes or longer during CRL
generation. The LDAP search method has been modified to greatly improve
LDAP search times.
* The default OCSP verification path has changed since Red Hat Certificate
System 7.1. These updated packages add support for certificates that use
the old AuthorityInfoAccess (AIA) URL.
* An OCSP client submitting an OCSP request via the GET method may have
caused a NullPointerException.
* If an agent automatically approved a certificate signing request (CSR),
using AgentCertAuth, the resultant certificate contained blank
subjectAltName extension fields. A manual enrollment by the same agent
produced a certificate with the correct number of subjectAltNames and no
blank entries. With this update, automated enrollments through
AgentCertAuth do not have blank fields in issued certificates.
All users of Red Hat Certificate System 7.2 should upgrade to these updated
packages, which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated pkisetup, rhpki-common, rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nand rhpki-tps (and rhpki-util for Solaris 9) packages that fix various\nsecurity issues and several bugs are now available for Red Hat Certificate\nSystem 7.2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Red Hat Certificate System is an enterprise software system designed to\nmanage enterprise public key infrastructure (PKI) deployments.\n\nIt was discovered that Red Hat Certificate System used insecure default\nfile permissions on certain configuration files (for example,\npassword.conf) that may contain authentication credentials. These \ncredentials should only be accessible to administrative and service users. \nA local user could use this flaw to read Red Hat Certificate System \nconfiguration files containing sensitive information. (CVE-2008-2367)\n\nIt was discovered that Red Hat Certificate System stored plain text\npasswords in multiple debug log files with insufficient access restrictions\n(such as the UserDirEnrollment log and RA wizard installer log). A local\nuser could use this flaw to extract plain text passwords from the Red Hat\nCertificate System debug log files. (CVE-2008-2368)\n\nThese updated packages fix the following bugs:\n\n* Due to a regression, signing a certificate revocation list (CRL) with\napproximately 150,000 records may have taken up to five minutes. 
In these\nupdated packages, signing such CRLs takes approximately twenty seconds.\n\n* Because Certificate System servers could not handle Online Certificate \nStatus Protocol (OCSP) requests in the GET method, OCSP GET requests \nresulted in a 404 error. The bug for handling GET requests may have also \ncaused a system to use 100% CPU. This has been resolved. Additionally, \nOCSP requests are now logged to the debug log file.\n\n* It was possible for a CRL update to run at the same time as a certificate\nstatus update. Now, CRL updating locks out the certificate status update\nthread.\n\n* Inefficient LDAP search methods caused LDAP searches for 100,000 or \nmore revoked certificates to take twenty minutes or longer during CRL \ngeneration. The LDAP search method has been modified to greatly improve \nLDAP search times.\n\n* The default OCSP verification path has changed since Red Hat Certificate\nSystem 7.1. These updated packages add support for certificates that use\nthe old AuthorityInfoAccess (AIA) URL.\n\n* An OCSP client submitting an OCSP request via the GET method may have \ncaused a NullPointerException.\n\n* If an agent automatically approved a certificate signing request (CSR),\nusing AgentCertAuth, the resultant certificate contained blank \nsubjectAltName extension fields. A manual enrollment by the same agent \nproduced a certificate with the correct number of subjectAltNames and no \nblank entries. With this update, automated enrollments through \nAgentCertAuth do not have blank fields in issued certificates.\n\nAll users of Red Hat Certificate System 7.2 should upgrade to these updated\npackages, which resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:0006", "url": "https://access.redhat.com/errata/RHSA-2009:0006" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0006.json" } ], "title": "Red Hat Security Advisory: rhpki security and bug fix update", "tracking": { "current_release_date": "2025-09-25T11:37:58+00:00", "generator": { "date": "2025-09-25T11:37:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.8" } }, "id": "RHSA-2009:0006", "initial_release_date": "2009-01-15T09:50:00+00:00", "revision_history": [ { "date": "2009-01-15T09:50:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-01-15T04:50:42+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-09-25T11:37:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Certificate System 7.2 for 4AS", "product": { "name": "Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2", 
"product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.2" } } }, { "category": "product_name", "name": "Red Hat Certificate System 7.2 for 4ES", "product": { "name": "Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.2" } } } ], "category": "product_family", "name": "Red Hat Certificate System" }, { "branches": [ { "category": "product_version", "name": "rhpki-kra-0:7.2.0-5.noarch", "product": { "name": "rhpki-kra-0:7.2.0-5.noarch", "product_id": "rhpki-kra-0:7.2.0-5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-kra@7.2.0-5?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ocsp-0:7.2.0-5.noarch", "product": { "name": "rhpki-ocsp-0:7.2.0-5.noarch", "product_id": "rhpki-ocsp-0:7.2.0-5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ocsp@7.2.0-5?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-tks-0:7.2.0-5.noarch", "product": { "name": "rhpki-tks-0:7.2.0-5.noarch", "product_id": "rhpki-tks-0:7.2.0-5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tks@7.2.0-5?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ca-0:7.2.0-6.noarch", "product": { "name": "rhpki-ca-0:7.2.0-6.noarch", "product_id": "rhpki-ca-0:7.2.0-6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ca@7.2.0-6?arch=noarch" } } }, { "category": "product_version", "name": "pkisetup-0:7.2.0-7.noarch", "product": { "name": "pkisetup-0:7.2.0-7.noarch", "product_id": "pkisetup-0:7.2.0-7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pkisetup@7.2.0-7?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-common-0:7.2.0-16.noarch", "product": { "name": "rhpki-common-0:7.2.0-16.noarch", "product_id": "rhpki-common-0:7.2.0-16.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/rhpki-common@7.2.0-16?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.2.0-8.x86_64", "product": { "name": "rhpki-tps-0:7.2.0-8.x86_64", "product_id": "rhpki-tps-0:7.2.0-8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.2.0-8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.2.0-8.i386", "product": { "name": "rhpki-tps-0:7.2.0-8.i386", "product_id": "rhpki-tps-0:7.2.0-8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.2.0-8?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.2.0-7.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch" }, "product_reference": "pkisetup-0:7.2.0-7.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.2.0-6.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch" }, "product_reference": "rhpki-ca-0:7.2.0-6.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.2.0-16.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch" }, "product_reference": "rhpki-common-0:7.2.0-16.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch" }, 
"product_reference": "rhpki-kra-0:7.2.0-5.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch" }, "product_reference": "rhpki-ocsp-0:7.2.0-5.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch" }, "product_reference": "rhpki-tks-0:7.2.0-5.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.i386 as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386" }, "product_reference": "rhpki-tps-0:7.2.0-8.i386", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.x86_64 as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" }, "product_reference": "rhpki-tps-0:7.2.0-8.x86_64", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.2.0-7.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch" }, "product_reference": "pkisetup-0:7.2.0-7.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.2.0-6.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch" }, "product_reference": "rhpki-ca-0:7.2.0-6.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { 
"category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.2.0-16.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch" }, "product_reference": "rhpki-common-0:7.2.0-16.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch" }, "product_reference": "rhpki-kra-0:7.2.0-5.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch" }, "product_reference": "rhpki-ocsp-0:7.2.0-5.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch" }, "product_reference": "rhpki-tks-0:7.2.0-5.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.i386 as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386" }, "product_reference": "rhpki-tps-0:7.2.0-8.i386", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.x86_64 as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" }, "product_reference": "rhpki-tps-0:7.2.0-8.x86_64", "relates_to_product_reference": "4ES-CERT-7.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-2367", "discovery_date": 
"2007-07-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "451998" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: insecure config file permissions", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2367" }, { "category": "external", "summary": "RHBZ#451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2367", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2367" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-15T09:50:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this 
update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages in .pkg format are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. These packages\nshould be installed/upgraded using Solaris native package management tools.\n\nRefer to the Red Hat Certificate System Administration Guide for\ninstallation instructions:\nhttp://www.redhat.com/docs/manuals/cert-system/", "product_ids": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0006" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: insecure config file permissions" }, { "cve": "CVE-2008-2368", "discovery_date": "2007-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "452000" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses 
weak permissions for these files, which allows local users to discover passwords by reading the files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: plain text passwords stored in debug log", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2368" }, { "category": "external", "summary": "RHBZ#452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2368", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2368" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-15T09:50:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages in .pkg format are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. These packages\nshould be installed/upgraded using Solaris native package management tools.\n\nRefer to the Red Hat Certificate System Administration Guide for\ninstallation instructions:\nhttp://www.redhat.com/docs/manuals/cert-system/", "product_ids": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0006" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: plain text passwords stored in debug log" } ] }
rhsa-2009_0006
Vulnerability from csaf_redhat
Published
2009-01-15 09:50
Modified
2024-11-22 02:07
Summary
Red Hat Security Advisory: rhpki security and bug fix update
Notes
Topic
Updated pkisetup, rhpki-common, rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
and rhpki-tps (and rhpki-util for Solaris 9) packages that fix various
security issues and several bugs are now available for Red Hat Certificate
System 7.2.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
Red Hat Certificate System is an enterprise software system designed to
manage enterprise public key infrastructure (PKI) deployments.
It was discovered that Red Hat Certificate System used insecure default
file permissions on certain configuration files (for example,
password.conf) that may contain authentication credentials. These
credentials should only be accessible to administrative and service users.
A local user could use this flaw to read Red Hat Certificate System
configuration files containing sensitive information. (CVE-2008-2367)
It was discovered that Red Hat Certificate System stored plain text
passwords in multiple debug log files with insufficient access restrictions
(such as the UserDirEnrollment log and RA wizard installer log). A local
user could use this flaw to extract plain text passwords from the Red Hat
Certificate System debug log files. (CVE-2008-2368)
These updated packages fix the following bugs:
* Due to a regression, signing a certificate revocation list (CRL) with
approximately 150,000 records may have taken up to five minutes. In these
updated packages, signing such CRLs takes approximately twenty seconds.
* Because Certificate System servers could not handle Online Certificate
Status Protocol (OCSP) requests submitted via the GET method, OCSP GET
requests resulted in a 404 error. The bug in handling GET requests may also
have caused a system to use 100% CPU. This has been resolved. Additionally,
OCSP requests are now logged to the debug log file.
* It was possible for a CRL update to run at the same time as a certificate
status update. Now, CRL updating locks out the certificate status update
thread.
* Inefficient LDAP search methods caused LDAP searches for 100,000 or
more revoked certificates to take twenty minutes or longer during CRL
generation. The LDAP search method has been modified to greatly improve
LDAP search times.
* The default OCSP verification path has changed since Red Hat Certificate
System 7.1. These updated packages add support for certificates that use
the old AuthorityInfoAccess (AIA) URL.
* An OCSP client submitting an OCSP request via the GET method may have
caused a NullPointerException.
* If an agent automatically approved a certificate signing request (CSR),
using AgentCertAuth, the resultant certificate contained blank
subjectAltName extension fields. A manual enrollment by the same agent
produced a certificate with the correct number of subjectAltNames and no
blank entries. With this update, automated enrollments through
AgentCertAuth do not have blank fields in issued certificates.
All users of Red Hat Certificate System 7.2 should upgrade to these updated
packages, which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated pkisetup, rhpki-common, rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nand rhpki-tps (and rhpki-util for Solaris 9) packages that fix various\nsecurity issues and several bugs are now available for Red Hat Certificate\nSystem 7.2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Red Hat Certificate System is an enterprise software system designed to\nmanage enterprise public key infrastructure (PKI) deployments.\n\nIt was discovered that Red Hat Certificate System used insecure default\nfile permissions on certain configuration files (for example,\npassword.conf) that may contain authentication credentials. These \ncredentials should only be accessible to administrative and service users. \nA local user could use this flaw to read Red Hat Certificate System \nconfiguration files containing sensitive information. (CVE-2008-2367)\n\nIt was discovered that Red Hat Certificate System stored plain text\npasswords in multiple debug log files with insufficient access restrictions\n(such as the UserDirEnrollment log and RA wizard installer log). A local\nuser could use this flaw to extract plain text passwords from the Red Hat\nCertificate System debug log files. (CVE-2008-2368)\n\nThese updated packages fix the following bugs:\n\n* Due to a regression, signing a certificate revocation list (CRL) with\napproximately 150,000 records may have taken up to five minutes. 
In these\nupdated packages, signing such CRLs takes approximately twenty seconds.\n\n* Because Certificate System servers could not handle Online Certificate \nStatus Protocol (OCSP) requests in the GET method, OCSP GET requests \nresulted in a 404 error. The bug for handling GET requests may have also \ncaused a system to use 100% CPU. This has been resolved. Additionally, \nOCSP requests are now logged to the debug log file.\n\n* It was possible for a CRL update to run at the same time as a certificate\nstatus update. Now, CRL updating locks out the certificate status update\nthread.\n\n* Inefficient LDAP search methods caused LDAP searches for 100,000 or \nmore revoked certificates to take twenty minutes or longer during CRL \ngeneration. The LDAP search method has been modified to greatly improve \nLDAP search times.\n\n* The default OCSP verification path has changed since Red Hat Certificate\nSystem 7.1. These updated packages add support for certificates that use\nthe old AuthorityInfoAccess (AIA) URL.\n\n* An OCSP client submitting an OCSP request via the GET method may have \ncaused a NullPointerException.\n\n* If an agent automatically approved a certificate signing request (CSR),\nusing AgentCertAuth, the resultant certificate contained blank \nsubjectAltName extension fields. A manual enrollment by the same agent \nproduced a certificate with the correct number of subjectAltNames and no \nblank entries. With this update, automated enrollments through \nAgentCertAuth do not have blank fields in issued certificates.\n\nAll users of Red Hat Certificate System 7.2 should upgrade to these updated\npackages, which resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:0006", "url": "https://access.redhat.com/errata/RHSA-2009:0006" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0006.json" } ], "title": "Red Hat Security Advisory: rhpki security and bug fix update", "tracking": { "current_release_date": "2024-11-22T02:07:32+00:00", "generator": { "date": "2024-11-22T02:07:32+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:0006", "initial_release_date": "2009-01-15T09:50:00+00:00", "revision_history": [ { "date": "2009-01-15T09:50:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-01-15T04:50:42+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T02:07:32+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Certificate System 7.2 for 4AS", "product": { "name": "Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2", 
"product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.2" } } }, { "category": "product_name", "name": "Red Hat Certificate System 7.2 for 4ES", "product": { "name": "Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.2" } } } ], "category": "product_family", "name": "Red Hat Certificate System" }, { "branches": [ { "category": "product_version", "name": "rhpki-kra-0:7.2.0-5.noarch", "product": { "name": "rhpki-kra-0:7.2.0-5.noarch", "product_id": "rhpki-kra-0:7.2.0-5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-kra@7.2.0-5?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ocsp-0:7.2.0-5.noarch", "product": { "name": "rhpki-ocsp-0:7.2.0-5.noarch", "product_id": "rhpki-ocsp-0:7.2.0-5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ocsp@7.2.0-5?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-tks-0:7.2.0-5.noarch", "product": { "name": "rhpki-tks-0:7.2.0-5.noarch", "product_id": "rhpki-tks-0:7.2.0-5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tks@7.2.0-5?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ca-0:7.2.0-6.noarch", "product": { "name": "rhpki-ca-0:7.2.0-6.noarch", "product_id": "rhpki-ca-0:7.2.0-6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ca@7.2.0-6?arch=noarch" } } }, { "category": "product_version", "name": "pkisetup-0:7.2.0-7.noarch", "product": { "name": "pkisetup-0:7.2.0-7.noarch", "product_id": "pkisetup-0:7.2.0-7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pkisetup@7.2.0-7?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-common-0:7.2.0-16.noarch", "product": { "name": "rhpki-common-0:7.2.0-16.noarch", "product_id": "rhpki-common-0:7.2.0-16.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/rhpki-common@7.2.0-16?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.2.0-8.x86_64", "product": { "name": "rhpki-tps-0:7.2.0-8.x86_64", "product_id": "rhpki-tps-0:7.2.0-8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.2.0-8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.2.0-8.i386", "product": { "name": "rhpki-tps-0:7.2.0-8.i386", "product_id": "rhpki-tps-0:7.2.0-8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.2.0-8?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.2.0-7.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch" }, "product_reference": "pkisetup-0:7.2.0-7.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.2.0-6.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch" }, "product_reference": "rhpki-ca-0:7.2.0-6.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.2.0-16.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch" }, "product_reference": "rhpki-common-0:7.2.0-16.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch" }, 
"product_reference": "rhpki-kra-0:7.2.0-5.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch" }, "product_reference": "rhpki-ocsp-0:7.2.0-5.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch" }, "product_reference": "rhpki-tks-0:7.2.0-5.noarch", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.i386 as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386" }, "product_reference": "rhpki-tps-0:7.2.0-8.i386", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.x86_64 as a component of Red Hat Certificate System 7.2 for 4AS", "product_id": "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" }, "product_reference": "rhpki-tps-0:7.2.0-8.x86_64", "relates_to_product_reference": "4AS-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.2.0-7.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch" }, "product_reference": "pkisetup-0:7.2.0-7.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.2.0-6.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch" }, "product_reference": "rhpki-ca-0:7.2.0-6.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { 
"category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.2.0-16.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch" }, "product_reference": "rhpki-common-0:7.2.0-16.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch" }, "product_reference": "rhpki-kra-0:7.2.0-5.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch" }, "product_reference": "rhpki-ocsp-0:7.2.0-5.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.2.0-5.noarch as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch" }, "product_reference": "rhpki-tks-0:7.2.0-5.noarch", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.i386 as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386" }, "product_reference": "rhpki-tps-0:7.2.0-8.i386", "relates_to_product_reference": "4ES-CERT-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.2.0-8.x86_64 as a component of Red Hat Certificate System 7.2 for 4ES", "product_id": "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" }, "product_reference": "rhpki-tps-0:7.2.0-8.x86_64", "relates_to_product_reference": "4ES-CERT-7.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-2367", "discovery_date": 
"2007-07-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "451998" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: insecure config file permissions", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2367" }, { "category": "external", "summary": "RHBZ#451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2367", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2367" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-15T09:50:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this 
update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages in .pkg format are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. These packages\nshould be installed/upgraded using Solaris native package management tools.\n\nRefer to the Red Hat Certificate System Administration Guide for\ninstallation instructions:\nhttp://www.redhat.com/docs/manuals/cert-system/", "product_ids": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0006" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: insecure config file permissions" }, { "cve": "CVE-2008-2368", "discovery_date": "2007-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "452000" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses 
weak permissions for these files, which allows local users to discover passwords by reading the files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: plain text passwords stored in debug log", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2368" }, { "category": "external", "summary": "RHBZ#452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2368", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2368" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-15T09:50:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages in .pkg format are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. These packages\nshould be installed/upgraded using Solaris native package management tools.\n\nRefer to the Red Hat Certificate System Administration Guide for\ninstallation instructions:\nhttp://www.redhat.com/docs/manuals/cert-system/", "product_ids": [ "4AS-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4AS-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4AS-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4AS-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4AS-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64", "4ES-CERT-7.2:pkisetup-0:7.2.0-7.noarch", "4ES-CERT-7.2:rhpki-ca-0:7.2.0-6.noarch", "4ES-CERT-7.2:rhpki-common-0:7.2.0-16.noarch", "4ES-CERT-7.2:rhpki-kra-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-ocsp-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tks-0:7.2.0-5.noarch", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.i386", "4ES-CERT-7.2:rhpki-tps-0:7.2.0-8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0006" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: plain text passwords stored in debug log" } ] }
rhsa-2009:0007
Vulnerability from csaf_redhat
Published
2009-01-29 09:31
Modified
2025-09-25 11:37
Summary
Red Hat Security Advisory: rhpki security and bug fix update
Notes
Topic
Updated pkisetup, rhpki-ca, rhpki-common, rhpki-kra, rhpki-ocsp, rhpki-ra,
rhpki-tks, rhpki-tps, and rhpki-util packages that fix security issues and
several bugs are now available for Red Hat Certificate System 7.3.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
It was discovered that Red Hat Certificate System used insecure default
file permissions on certain configuration files (for example,
password.conf) that may contain authentication credentials. These
credentials should only be accessible to administrative and service users.
A local user could use this flaw to read Red Hat Certificate System
configuration files containing sensitive information. (CVE-2008-2367)
It was discovered that Red Hat Certificate System stored plain text
passwords in multiple debug log files with insufficient access restrictions
(for example, the UserDirEnrollment log and the RA wizard installer log). A
local user could use this flaw to extract plain text passwords from the Red
Hat Certificate System debug log files. The advisory does not state that
existing log files are cleaned up by the update, so passwords already
written to those logs should be treated as exposed and reviewed or rotated
by the administrator. (CVE-2008-2368)
It was discovered that the Token Processing System (TPS) component of the
Red Hat Certificate System did not properly verify the challenge response
received during the enrollment of a new security token. An attacker with
access to a blank token known to the TPS component and with privileges to
perform new token enrollments could use this flaw to complete the
enrollment procedure with a software-generated key instead of the key
stored in the hardware token. Because a software-generated key is never
confined to the token, this undermines the assurance that an enrolled
private key exists only inside the hardware token. (CVE-2008-5082)
These updated packages fix the following bugs:
* The end-entities enrollment pages have been updated to support the
certenroll.dll library used on Microsoft Vista, so Internet Explorer can
be used to enroll certificates on Vista.
* The password used by the LDAP publisher was improperly stored in the CA
configuration. This effectively required the LDAP publishing password to be
the same as the internal database (LDAP directory) password, or LDAP
publishing would break. A new parameter was added to the CA's CS.cfg file
that names an LDAP publishing password entry in the CA's password.conf
file, so the publishing password can be set independently.
* The secure ports used by the subsystem interfaces — the administrative
console, agent pages, and end-entities pages — are, by default, the same.
With this erratum it is possible to run those services on separate ports,
which provides additional protection because agents and end users no longer
share the same TCP port and web services directory (for example, the
administrative and agent ports can then be filtered separately at the
network level).
* The certificate policies extension was not processed by CMSServlet.
* Any IP address defined in a certificate's SubjectAltName extension was
improperly encoded as an 8-byte value: the 4-byte address followed by four
trailing zero bytes (00 00 00 00).
* The subject name uniqueness plug-in in the CA profiles, which enforces
unique names for all active certificates, would reject a certificate
request which reused a subject name even if the previous certificate had
been revoked or expired.
* The TPS dependencies have been changed from MozLDAP5 to MozLDAP6.
All users of Red Hat Certificate System 7.3 should upgrade to these updated
packages, which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated rhpki-common packages that fix security issues are now available\nfor Red Hat Certificate System 7.3.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nIt was discovered that Red Hat Certificate System used insecure default\nfile permissions on certain configuration files (for example,\npassword.conf) that may contain authentication credentials. These \ncredentials should only be accessible to administrative and service users. \nA local user could use this flaw to read Red Hat Certificate System \nconfiguration files containing sensitive information. (CVE-2008-2367)\n\nIt was discovered that Red Hat Certificate System stored plain text\npasswords in multiple debug log files with insufficient access restrictions\n(for example, the UserDirEnrollment log and the RA wizard installer log). A\nlocal user could use this flaw to extract plain text passwords from the Red\nHat Certificate System debug log files. (CVE-2008-2368)\n\nIt was discovered that the Token Processing System (TPS) component of the\nRed Hat Certificate System did not properly verify the challenge response\nreceived during the enrollment of a new security token. 
An attacker with\naccess to a blank token known to the TPS component and with privileges to\nperform new token enrollments could use this flaw to complete the\nenrollment procedure with a software-generated key instead of the key\nstored in the hardware token. (CVE-2008-5082)\n\nThese updated packages fix the following bugs:\n\n* The end-entities enrollment pages have been updated to support the \ncertenroll.dll library used on Microsoft Vista, so Internet Explorer can \nbe used on to enroll certificates on Vista.\n\n* The password used by the LDAP publisher was improperly stored in the CA \nconfiguration. This essentially required that the LDAP publishing password\nhad to be the same as the internal database (LDAP directory) password, or \nLDAP publishing would break. A new parameter was added to the CA CS.cfg \nfile to define an LDAP publishing password parameter in the CA\u0027s \npassword.conf file.\n\n* The secure ports used by subsystem interfaces \u2014 the administrative \nconsole, agent pages, and end-entities pages \u2014 are, by default, the same. 
\nIt is possible with this errata to run those services on separate port,\nwhich provides additional protection by prohibiting agents and users from\naccessing the same TCP port and web services directory.\n\n* The certificate policies extension was not processed by CMSServlet.\n\n* Any IP Address defined in a certificate\u0027s SubjectAltName parameter was \nimproperly coded as an 8-byte number, with the last 4 bytes trailing zeros \n(00 00 00 00).\n\n* The subject name uniqueness plug-in in the CA profiles, which enforces \nunique names for all active certificates, would reject a certificate \nrequest which reused a subject name even if the previous certificate had \nbeen revoked or expired.\n\n* The TPS dependences have been changed from MozLDAP5 to MozLDAP6.\n\nAll users of Red Hat Certificate System 7.3 should upgrade to these updated\npackages, which resolves these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:0007", "url": "https://access.redhat.com/errata/RHSA-2009:0007" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "external", "summary": "459049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459049" }, { "category": "external", "summary": "475998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0007.json" } ], "title": "Red Hat Security Advisory: rhpki security and bug fix update", "tracking": { "current_release_date": "2025-09-25T11:37:58+00:00", "generator": { "date": "2025-09-25T11:37:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.8" } }, "id": "RHSA-2009:0007", "initial_release_date": "2009-01-29T09:31:00+00:00", "revision_history": [ { "date": "2009-01-29T09:31:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-01-29T04:31:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-09-25T11:37:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { 
"branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4AS", "product": { "name": "Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } }, { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4ES", "product": { "name": "Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } } ], "category": "product_family", "name": "Red Hat Certificate System" }, { "branches": [ { "category": "product_version", "name": "pkisetup-0:7.3.0-14.el4.noarch", "product": { "name": "pkisetup-0:7.3.0-14.el4.noarch", "product_id": "pkisetup-0:7.3.0-14.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pkisetup@7.3.0-14.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "product": { "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "product_id": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-11.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ra-0:7.3.0-67.el4.noarch", "product": { "name": "rhpki-ra-0:7.3.0-67.el4.noarch", "product_id": "rhpki-ra-0:7.3.0-67.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ra@7.3.0-67.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ca-0:7.3.0-17.el4.noarch", "product": { "name": "rhpki-ca-0:7.3.0-17.el4.noarch", "product_id": "rhpki-ca-0:7.3.0-17.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-17.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-tks-0:7.3.0-12.el4.noarch", "product": { "name": "rhpki-tks-0:7.3.0-12.el4.noarch", "product_id": "rhpki-tks-0:7.3.0-12.el4.noarch", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-12.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-util-0:7.3.0-20.el4.noarch", "product": { "name": "rhpki-util-0:7.3.0-20.el4.noarch", "product_id": "rhpki-util-0:7.3.0-20.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-util@7.3.0-20.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-kra-0:7.3.0-13.el4.noarch", "product": { "name": "rhpki-kra-0:7.3.0-13.el4.noarch", "product_id": "rhpki-kra-0:7.3.0-13.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-13.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-common-0:7.3.0-40.el4.noarch", "product": { "name": "rhpki-common-0:7.3.0-40.el4.noarch", "product_id": "rhpki-common-0:7.3.0-40.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-common@7.3.0-40.el4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.3.0-23.el4.x86_64", "product": { "name": "rhpki-tps-0:7.3.0-23.el4.x86_64", "product_id": "rhpki-tps-0:7.3.0-23.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.3.0-23.el4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rhpki-tps-0:7.3.0-23.el4.i386", "product": { "name": "rhpki-tps-0:7.3.0-23.el4.i386", "product_id": "rhpki-tps-0:7.3.0-23.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tps@7.3.0-23.el4?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch" }, "product_reference": 
"pkisetup-0:7.3.0-14.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.3.0-17.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch" }, "product_reference": "rhpki-ca-0:7.3.0-17.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.3.0-40.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch" }, "product_reference": "rhpki-common-0:7.3.0-40.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-kra-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch" }, "product_reference": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ra-0:7.3.0-67.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch" }, "product_reference": "rhpki-ra-0:7.3.0-67.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.3.0-12.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch" }, "product_reference": 
"rhpki-tks-0:7.3.0-12.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386" }, "product_reference": "rhpki-tps-0:7.3.0-23.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64" }, "product_reference": "rhpki-tps-0:7.3.0-23.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-util-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" }, "product_reference": "rhpki-util-0:7.3.0-20.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pkisetup-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch" }, "product_reference": "pkisetup-0:7.3.0-14.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.3.0-17.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch" }, "product_reference": "rhpki-ca-0:7.3.0-17.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-common-0:7.3.0-40.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch" }, "product_reference": 
"rhpki-common-0:7.3.0-40.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-kra-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.3.0-11.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch" }, "product_reference": "rhpki-ocsp-0:7.3.0-11.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ra-0:7.3.0-67.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch" }, "product_reference": "rhpki-ra-0:7.3.0-67.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.3.0-12.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch" }, "product_reference": "rhpki-tks-0:7.3.0-12.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386" }, "product_reference": "rhpki-tps-0:7.3.0-23.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tps-0:7.3.0-23.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64" }, "product_reference": 
"rhpki-tps-0:7.3.0-23.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-util-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" }, "product_reference": "rhpki-util-0:7.3.0-20.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-2367", "discovery_date": "2007-07-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "451998" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: insecure config file permissions", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ] }, "references": [ 
{ "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2367" }, { "category": "external", "summary": "RHBZ#451998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451998" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2367", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2367" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2367" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-29T09:31:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages, in .pkg format, are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. 
This packages\nshould be installed or upgraded using Solaris-native package management\ntools.\n\nFor detailed installation instructions, see Chapter 2, \"Installation and\nConfiguration\", of the Red Hat Certificate System 7.3 Administration Guide:\nhttp://redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Installation_and_Configuration.html", "product_ids": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0007" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: insecure config file permissions" }, { "cve": "CVE-2008-2368", "discovery_date": "2007-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "452000" } ], "notes": [ { "category": "description", "text": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows 
local users to discover passwords by reading the files.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: plain text passwords stored in debug log", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2368" }, { "category": "external", "summary": "RHBZ#452000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2368", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2368" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368" } ], "release_date": "2009-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-29T09:31:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, 
make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages, in .pkg format, are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. This packages\nshould be installed or upgraded using Solaris-native package management\ntools.\n\nFor detailed installation instructions, see Chapter 2, \"Installation and\nConfiguration\", of the Red Hat Certificate System 7.3 Administration Guide:\nhttp://redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Installation_and_Configuration.html", "product_ids": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0007" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"System: plain text passwords stored in debug log" }, { "cve": "CVE-2008-5082", "discovery_date": "2008-11-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "475998" } ], "notes": [ { "category": "description", "text": "The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.", "title": "Vulnerability description" }, { "category": "summary", "text": "System: missing public key challenge proof verification in the TPS component", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5082" }, { "category": "external", "summary": 
"RHBZ#475998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5082", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5082" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5082", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5082" } ], "release_date": "2009-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-01-29T09:31:00+00:00", "details": "Users running Red Hat Certificate System on Red Hat Enterprise Linux:\n\nBefore applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nUsers running Red Hat Certificate System on Sun Solaris:\n\nUpdated Solaris packages, in .pkg format, are available in the Red Hat\nCertificate System Solaris channels on the Red Hat Network. 
This packages\nshould be installed or upgraded using Solaris-native package management\ntools.\n\nFor detailed installation instructions, see Chapter 2, \"Installation and\nConfiguration\", of the Red Hat Certificate System 7.3 Administration Guide:\nhttp://redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Installation_and_Configuration.html", "product_ids": [ "4AS-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4AS-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4AS-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4AS-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4AS-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:pkisetup-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-17.el4.noarch", "4ES-CERT-7.3:rhpki-common-0:7.3.0-40.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-11.el4.noarch", "4ES-CERT-7.3:rhpki-ra-0:7.3.0-67.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-12.el4.noarch", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.i386", "4ES-CERT-7.3:rhpki-tps-0:7.3.0-23.el4.x86_64", "4ES-CERT-7.3:rhpki-util-0:7.3.0-20.el4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0007" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "System: missing public key challenge proof verification in the TPS component" } ] }
ghsa-hj7g-ch5r-67hc
Vulnerability from github
Published
2022-05-01 23:49
Modified
2022-05-01 23:49
Details
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.
{ "affected": [], "aliases": [ "CVE-2008-2368" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2009-01-20T16:30:00Z", "severity": "LOW" }, "details": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.", "id": "GHSA-hj7g-ch5r-67hc", "modified": "2022-05-01T23:49:30Z", "published": "2022-05-01T23:49:30Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2368" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022" }, { "type": "WEB", "url": "https://rhn.redhat.com/errata/RHSA-2009-0006.html" }, { "type": "WEB", "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/33540" }, { "type": "WEB", "url": "http://securitytracker.com/id?1021608" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/33288" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2009/0145" } ], "schema_version": "1.4.0", "severity": [] }
fkie_cve-2008-2368
Vulnerability from fkie_nvd
Published
2009-01-20 16:30
Modified
2025-04-09 00:30
Summary
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.
References
Impacted products
Vendor | Product | Version |
---|---|---|
redhat | certificate_system | 7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "27FE079E-FB15-443C-BE2E-1D4C940BB8C0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files." }, { "lang": "es", "value": "Red Hat Certificate System 7.2 almacena contrase\u00f1as en texto claro en el log UserDirEnrollment, el log RA wizard installer, y otros ficheros de log de errores sin especificar, y utiliza la debilidad en los permisos para esos ficheros, lo que permite a usuarios locales descubrir contrase\u00f1as leyendo los ficheros." } ], "id": "CVE-2008-2368", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-01-20T16:30:00.280", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33540" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1021608" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/33288" }, { "source": "secalert@redhat.com", "url": 
"http://www.vupen.com/english/advisories/2009/0145" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-0006.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1021608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-0006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
gsd-2008-2368
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.
Aliases
{ "GSD": { "alias": "CVE-2008-2368", "description": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.", "id": "GSD-2008-2368", "references": [ "https://access.redhat.com/errata/RHSA-2009:0007", "https://access.redhat.com/errata/RHSA-2009:0006" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2008-2368" ], "details": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.", "id": "GSD-2008-2368", "modified": "2023-12-13T01:23:01.319134Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-2368", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.vupen.com/english/advisories/2009/0145", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2009/0145" }, { "name": "https://rhn.redhat.com/errata/RHSA-2009-0007.html", "refsource": "MISC", "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html" }, { "name": "http://secunia.com/advisories/33540", "refsource": "MISC", "url": "http://secunia.com/advisories/33540" }, { "name": "http://securitytracker.com/id?1021608", "refsource": "MISC", "url": "http://securitytracker.com/id?1021608" }, { "name": "http://www.securityfocus.com/bid/33288", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/33288" }, { "name": "https://rhn.redhat.com/errata/RHSA-2009-0006.html", "refsource": "MISC", "url": "https://rhn.redhat.com/errata/RHSA-2009-0006.html" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=452000", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-2368" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-255" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=452000", "refsource": "CONFIRM", "tags": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" }, { "name": "1021608", "refsource": "SECTRACK", "tags": [], "url": "http://securitytracker.com/id?1021608" }, { "name": "33288", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/33288" }, { "name": "33540", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33540" }, { "name": "RHSA-2009:0006", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-0006.html" }, { "name": "RHSA-2009:0007", "refsource": "REDHAT", "tags": [], "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html" }, { "name": "ADV-2009-0145", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2009/0145" }, { "name": "redhat-cs-debuglog-info-disclosure(48022)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false } }, "lastModifiedDate": "2017-08-08T01:30Z", "publishedDate": "2009-01-20T16:30Z" } } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.