Lucene search

PRIOn knowledge basePRION:CVE-2014-3486

HistoryJul 07, 2014 - 2:55 p.m.

Design/Logic Flaw

2014-07-0714:55:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.

CPENameOperatorVersion
cloudforms_3.0_management_engineeq5.2.1
cloudforms_3.0_management_enginele5.2.4
cloudforms_3.0_management_engineeq5.2.1.6
cloudforms_3.0_management_engineeq5.2.3.2
cloudforms_3.0_management_engineeq5.2.2
cloudforms_3.0_management_engineeq5.2
cloudforms_3.0_management_engineeq5.2.3

Name	Operator	Version
cloudforms_3.0_management_engine	eq	5.2.1
cloudforms_3.0_management_engine	le	5.2.4
cloudforms_3.0_management_engine	eq	5.2.1.6
cloudforms_3.0_management_engine	eq	5.2.3.2
cloudforms_3.0_management_engine	eq	5.2.2
cloudforms_3.0_management_engine	eq	5.2
cloudforms_3.0_management_engine	eq	5.2.3

References

rhn.redhat.com/errata/RHSA-2014-0816.html

www.securityfocus.com/bid/68300

bugzilla.redhat.com/show_bug.cgi?id=1107528

7.5 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2014-3486