Bug 1189085 (CVE-2015-0257) - CVE-2015-0257 ovirt-engine-dwh: incorrect permissions on plugin file containing passwords
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-0257
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1189087 1189088
Blocks: 1189044
Reported: 2015-02-04 12:22 UTC by Wade Mealing
Modified: 2023-05-12 19:49 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-04-29 04:06:57 UTC
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2015:0888 | 0 | normal | SHIPPED_LIVE | Moderate: Red Hat Enterprise Virtualization Manager 3.5.1 update | 2015-04-28 22:40:04 UTC

Description Wade Mealing 2015-02-04 12:22:00 UTC
A flaw was discovered in the permissions on a directory shared by the ovirt-engine-dwhd and a plugin used during service startup. The permission
allowed any system level user to read login and password permissions for the database. This may allow an attacker to falsify business intelligence
data or deny access to business intelligence by modifying the contents of a plugin settings file used by the ovirt-engine-dwh component.

Comment 4 Wade Mealing 2015-02-05 03:16:16 UTC
Acknowledgements:

This issue was discovered by Yedidyah Bar David of the Red Hat Enterprise Virtualization team.

Comment 5 errata-xmlrpc 2015-04-28 18:46:26 UTC
This issue has been addressed in the following products:

  RHEV Manager version 3.5

Via RHSA-2015:0888 https://rhn.redhat.com/errata/RHSA-2015-0888.html

