本文共 1171 字,大约阅读时间需要 3 分钟。
It was found that the ovirt-engine-reports setup script logged the reports database password in plain text to a world-readable file. An attacker with a local user account on the Red Hat Enterprise Virtualization Manager server could use this flaw to access, read, and modify the reports database. (CVE-2014-0199) Note: Applying the update provided by this advisory does not modify any existing log files. It is recommended that you search your existing log files and remove any occurrences of plain text passwords manually. It was found that the Red Hat Enterprise Virtualization Manager reports datasource configuration file (js-jboss7-ds.xml) was world-readable. An attacker with a local user account on the Red Hat Enterprise Virtualization Manager server could use this flaw to access, read, and modify the reports database. (CVE-2014-0200) It was found that multiple ovirt-engine-reports configuration files were world-readable. An attacker with a local user account on the Red Hat Enterprise Virtualization Manager server could use this flaw to access a variety of potentially sensitive information. (CVE-2014-0201)
https://rhn.redhat.com/errata/RHSA-2014-0558.html
转载地址:http://gummb.baihongyu.com/