Red Hat Bugzilla – Bug 869570
CVE-2012-4555 pki-tps: Temporary denial of service on interrupted token format operations
Last modified: 2015-07-31 06:35:41 EDT
A denial of service flaw was found in the way token processing system of Certificate System processed interrupted token format operations. A local attacker, via suddenly interrupting the token format operation, could use this flaw to cause pki-tps infrastructure to crash with NULL pointer dereference, subsequently leading to relevant Apache httpd web server worker it to need to restart, rendering it to be unavailable for short period of time possibly halting (already) in-progress operations of other users.
This issue affects the version of the pki-tps package, as shipped with Red Hat Certificate System 8.1.
This issue affects the versions of the pki-tps package, as shipped with Fedora release of 16 and 17.
This issue did NOT affect the version of the pki-tps package, as shipped with Fedora EPEL 5.
The CVE identifier of CVE-2012-4555 has been assigned to this issue.
Red Hat would like to thank Patrick Raspante and Ryan Millay of GDC4S for reporting this issue.
Created pki-tps tracking bugs for this issue
Affects: fedora-all [bug 884830]
This issue has been addressed in following products:
Red Hat Certificate System 8
Via RHSA-2012:1550 https://rhn.redhat.com/errata/RHSA-2012-1550.html