Lucene search
PRIOn knowledge basePRION:CVE-2012-0861HistoryJan 04, 2013 - 10:55 p.m.
Code injection
2013-01-0422:55:00
PRIOn knowledge base
www.prio-n.com
1
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack.
Related
cvelist
cvelist
CVE-2012-0861
2013-01-04 22:00:00
cve
cve
CVE-2012-0861
2013-01-04 22:55:01
nvd
nvd
CVE-2012-0861
2013-01-04 22:55:01
redhat
redhat
(RHSA-2012:1508) Important: rhev-3.1.0 vdsm security, bug fix, and enhancement update
2012-12-04 00:00:00
(RHSA-2012:1505) Important: rhev-hypervisor6 security, bug fix, and enhancement update
2012-12-04 00:00:00
(RHSA-2012:1506) Important: Red Hat Enterprise Virtualization Manager 3.1
2012-12-04 00:00:00
nessus
nessus
RHEL 6 : rhev-3.1.0 vdsm (RHSA-2012:1508)
2014-11-08 00:00:00
RHEL 6 : rhev-hypervisor6 (RHSA-2012:1505)
2014-11-08 00:00:00
RHEL 6 : Virtualization Manager (RHSA-2012:1506)
2014-11-08 00:00:00