Red Hat Bugzilla – Bug 836268
CVE-2012-3367 Certificate System: CA certificate can be revoked
Last modified: 2012-07-19 12:54:53 EDT
It was discovered that the Red Hat Certificate System's / Dogtag Certificate System's Certificate Manager did not properly check certificate revocation requests. An agent permitted to perform revocations of end entity certificates via Certificate System's web interface could use this flaw to revoke the Certificate Authority (CA) certificate.
The issue was originally reported via bug #832212.
Patch applied to address this issue:
This issue has been addressed in the following products:
Red Hat Certificate System 8
Via RHSA-2012:1103 https://rhn.redhat.com/errata/RHSA-2012-1103.html