Red Hat Bugzilla – Bug 1253884
CVE-2015-5202 Satellite6: Single CA certificate abuse by content nodes to escalate privileges
Last modified: 2016-02-15 09:27:18 EST
Brian Bouterse of Red Hat reports:
Satellite 6 uses a single CA to generate sign all certs; that CA is trusted by
the Qpid brokers on the server, capsule, dispatch router, httpd, etc. By design,
content hosts only should connect to httpd and the dispatch router. A user with
root access to a content host has access to these certs and could authenticate
to the server broker or the capsule broker.
This issue was discovered by Brian Bouterse of Red Hat.