Bug 1029652 - (CVE-2013-4561) CVE-2013-4561 openshift-origin-msg-node-mcollective: /etc/cron.minutely/openshift-facts tmp file creation
CVE-2013-4561 openshift-origin-msg-node-mcollective: /etc/cron.minutely/opens...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20131024,reported=2...
: Security
Depends On: 1022889 1034206
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-12 15:20 EST by Kurt Seifried
Modified: 2013-11-25 07:32 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-11-12 15:41:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kurt Seifried 2013-11-12 15:20:40 EST
Johnny Liu of Red Hat reports:

Description of problem:
In openshift node, there is a cron job to update mcollective facts.
# cat /etc/cron.minutely/openshift-facts 
#!/bin/bash

PREFIX=""

if [ -f /opt/rh/ruby193/root/usr/libexec/mcollective/update_yaml.rb ]; then
  PREFIX="/opt/rh/ruby193/root"
fi

oo-exec-ruby ${PREFIX}/usr/libexec/mcollective/update_yaml.rb ${PREFIX}/etc/mcollective/facts.yaml &> /tmp/facts.log
Comment 1 Kurt Seifried 2013-11-12 15:41:15 EST
Not vulnerable. This issue did not affect the versions of openshift-origin-msg-node-mcollective as shipped with Red Hat OpenShift Online and OpenShift Enterprise 1.x.

Note You need to log in before you can comment on or make changes to this bug.