Date: Mon, 28 Apr 2014 12:19:04 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-0189: /etc/sysconfig/virt-who is world-readable (contains unencrypted passwords)

Good morning,

Not sure if anyone else is using https://fedorahosted.org/virt-who/

It was reported that "/etc/sysconfig/virt-who" is world-readable and contains plaintext passwords to connect to various hypervisors. A local attacker could use this flaw to obtain those passwords and gain access to the hypervisors. (CVE-2014-0189)

Red Hat would like to thank Sal Castiglione for reporting this issue.

Discussions about fixing the issue are ongoing:

https://bugzilla.redhat.com/show_bug.cgi?id=1088732
https://bugzilla.redhat.com/show_bug.cgi?id=1081286

--
Murray McAllister / Red Hat Security Response Team
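A local audit for the condition reported above, as an added example that is not part of the original message or of virt-who: it flags a file that is readable by "other" and holds password-style assignments. The function names and the `*PASSWORD*=` variable pattern are assumptions; the path in the usage comment is the one named in the advisory.

```shell
#!/bin/sh
# Added example (not virt-who code): audit a credentials file for
# world-readable permissions. Usage: sh audit.sh /etc/sysconfig/virt-who

# Print the octal permission bits (GNU stat, falling back to BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the "other" class has the read bit set, 1 if not, 2 on error.
is_world_readable() {
    mode=$(file_mode "$1") || return 2
    other=${mode#"${mode%?}"}        # last octal digit = "other" permissions
    case $other in
        4|5|6|7) return 0 ;;         # read bit (value 4) is set
        *)       return 1 ;;
    esac
}

# Return 0 if the file has an uncommented NAME=value line whose name
# contains PASSWORD (assumed naming pattern, matched case-insensitively).
has_password_line() {
    grep -Eiq '^[[:space:]]*[A-Za-z0-9_]*PASSWORD[A-Za-z0-9_]*=.' "$1"
}

# Report on one file; return 1 when it is world-readable.
audit_file() {
    f=$1
    [ -e "$f" ] || { echo "SKIP $f (not present)"; return 0; }
    if is_world_readable "$f"; then
        if has_password_line "$f"; then
            echo "FAIL $f mode $(file_mode "$f"): world-readable, holds password settings"
        else
            echo "WARN $f mode $(file_mode "$f"): world-readable"
        fi
        return 1
    fi
    echo "OK   $f mode $(file_mode "$f")"
}

# Audit the file given on the command line, if any.
[ "$#" -eq 0 ] || audit_file "$1"
```

Run it as root so the password check can read the file once its mode has been tightened.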