CVE-2016-3095

Published on: 06/08/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:02 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Certain versions of Fedora from Fedoraproject contain the following vulnerability:

server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.

  • CVE-2016-3095 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

Attack Vector  Attack Complexity  Privileges Required  User Interaction
LOCAL          LOW                LOW                  NONE

Scope      Confidentiality Impact  Integrity Impact  Availability Impact
UNCHANGED  HIGH                    NONE              NONE

CVSS2 Score: 2.1 - LOW

Access Vector  Access Complexity  Authentication
LOCAL          LOW                NONE

Confidentiality Impact  Integrity Impact  Availability Impact
PARTIAL                 NONE              NONE

CVE References

  • oss-security - CVE-2013-7450: Pulp < 2.3.0 distributed the same CA key to all users
    Tags: Mailing List, Third Party Advisory
    Link: www.openwall.com (MLIST: [oss-security] 20160418 CVE-2013-7450: Pulp < 2.3.0 distributed the same CA key to all users)
  • 1322706 – (CVE-2016-3095) CVE-2016-3095 pulp: Potential leakage when generating new CA key in /tmp
    Tags: Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry
    Link: bugzilla.redhat.com (CONFIRM: bugzilla.redhat.com/show_bug.cgi?id=1322706)
  • Use 4096 bits on the auth CA instead of 2048. by bowlofeggs · Pull Request #2503 · pulp/pulp · GitHub
    Tags: Patch, Third Party Advisory
    Link: github.com (CONFIRM: github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca)
  • [SECURITY] Fedora 24 Update: pulp-2.8.2-1.fc24
    Tags: Third Party Advisory
    Link: lists.fedoraproject.org (FEDORA: FEDORA-2016-f75bd73891)
  • oss-security - Pulp 2.8.2 release for CVE-2016-3095
    Tags: Mailing List, Third Party Advisory
    Link: www.openwall.com (MLIST: [oss-security] 20160406 Pulp 2.8.2 release for CVE-2016-3095)

Known Affected Configurations (CPE V2.3)

Type              Vendor         Product  Version  Update  Edition  Language
Operating System  Fedoraproject  Fedora   24       All     All      All
Application       Pulpproject    Pulp     All      All     All      All

  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:*:*:*:*:*:*:*:*