CVE-2021-3551

NameCVE-2021-3551
DescriptionA flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs991665

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dogtag-pki (PTS)bullseye10.10.2-3vulnerable
sid11.2.1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
dogtag-pkisource(unstable)10.10.6-1991665

Notes

[bullseye] - dogtag-pki <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=1959971
https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548
https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6
https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5
Search for package or bug name: Reporting problems