Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0189

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2014-0189
Last Modified 17 Mar 2015 10:00:02
Published 02 May 2014 10:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-0189

Summary

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.

Vulnerable Systems

Application

  • Virt-who Project Virt-who -


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1088732

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1081286

BID - 67089

MLIST - [oss-security] 20140428 CVE-2014-0189: /etc/sysconfig/virt-who is world-readable (contains unencrypted passwords)

REDHAT - RHSA-2015:0430


Last Updated: 27 May 2016 11:08:06