CVE-2012-6119 Information

Description

Candlepin before 0.7.24 as used in Red Hat Subscription Asset Manager before 1.2.1 does not properly check manifest signatures which allows local users to modify manifests.

Reference

http://rhn.redhat.com/errata/RHSA-2013-0686.html http://secunia.com/advisories/52774 http://www.osvdb.org/91719 https://bugzilla.redhat.com/show_bug.cgi?id=908613 https://github.com/candlepin/candlepin/blob/master/candlepin.spec https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c