Candidate: CVE-2015-5284
PublicDate: 2017-09-21 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5284
 https://fedorahosted.org/freeipa/ticket/5347
Description:
 ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and
 private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
Ubuntu-Description:
Notes:
 sbeattie> 4.2.0 only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_freeipa:
 upstream: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=55a66ccba3e2181a50e7733b7476991975b7455f
upstream_freeipa: needs-triage
precise_freeipa: not-affected (4.2.0 only)
trusty_freeipa: not-affected (4.2.0 only)
trusty/esm_freeipa: not-affected (4.2.0 only)
vivid_freeipa: not-affected (4.2.0 only)
devel_freeipa: not-affected (4.2.0 only)