This site requires JavaScript to be enabled to function correctly, please enable it.
Summary:
CVE-2016-3111 pulp: Race condition when generating RSA keys for authenticating messages between server and consumers
Product:
[Other] Security Response
Reporter:
Adam Mariš <amaris>
Component:
vulnerability Assignee:
Red Hat Product Security <security-response-team>
Status:
CLOSED
ERRATA
QA Contact:
Severity:
low
Docs Contact:
Priority:
low
Version:
unspecified CC:
bkearney, cbillett, jcline, jmatthew, mmccune, ohadlevy, rbarlow, security-response-team, tjay, tlestach, tsanders
Target Milestone:
--- Keywords:
Security
Target Release:
---
Hardware:
All
OS:
Linux
Whiteboard:
Fixed In Version:
Doc Type:
Bug Fix
Doc Text:
It was found that the private RSA key was created in a directory that is world-readable for a small amount of time. A local user could possibly use this flaw to gain access to the private key information in the file.
Story Points:
---
Clone Of:
Environment:
Last Closed:
2016-09-19 19:03:05 UTC
Type:
---
Regression:
---
Mount Type:
---
Documentation:
---
CRM:
Verified Versions:
Category:
---
oVirt Team:
---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:
---
Target Upstream Version:
Embargoed:
Bug Depends On:
1326913 , 1326919
Bug Blocks:
1325942
Attachments: