Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2012:1508
HistoryDec 04, 2012 - 12:00 a.m.

(RHSA-2012:1508) Important: rhev-3.1.0 vdsm security, bug fix, and enhancement update

2012-12-0400:00:00
access.redhat.com
19

0.003 Low

EPSS

Percentile

71.4%

JSON

VDSM is a management module that serves as a Red Hat Enterprise
Virtualization Manager agent on Red Hat Enterprise Virtualization
Hypervisor or Red Hat Enterprise Linux 6.3 hosts.

A flaw was found in the way Red Hat Enterprise Linux hosts were added to
the Red Hat Enterprise Virtualization environment. The Python scripts
needed to configure the host for Red Hat Enterprise Virtualization were
stored in the “/tmp/” directory and could be pre-created by an attacker. A
local, unprivileged user on the host to be added to the Red Hat Enterprise
Virtualization environment could use this flaw to escalate their
privileges. This update provides the VDSM part of the fix. The
RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also
be installed to completely fix this issue. (CVE-2012-0860)

A flaw was found in the way Red Hat Enterprise Linux and Red Hat Enterprise
Virtualization Hypervisor hosts were added to the Red Hat Enterprise
Virtualization environment. The Python scripts needed to configure the host
for Red Hat Enterprise Virtualization were downloaded in an insecure way,
that is, without properly validating SSL certificates during HTTPS
connections. An attacker on the local network could use this flaw to
conduct a man-in-the-middle attack, potentially gaining root access to the
host being added to the Red Hat Enterprise Virtualization environment. This
update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat
Enterprise Virtualization Manager update must also be installed to
completely fix this issue. (CVE-2012-0861)

The CVE-2012-0860 and CVE-2012-0861 issues were discovered by Red Hat.

In addition to resolving the above security issues these updated VDSM
packages fix various bugs, and add various enhancements.

Documentation for these bug fixes and enhancements is available in the
Technical Notes:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Technical_Notes/index.html

All users who require VDSM are advised to install these updated packages
which resolve these security issues, fix these bugs, and add these
enhancements.

Related

nessus 3
redhat 2
nvd 2
prion 2
cvelist 2
cve 2
nessus
nessus
RHEL 6 : rhev-3.1.0 vdsm (RHSA-2012:1508)
2014-11-08 00:00:00
RHEL 6 : rhev-hypervisor6 (RHSA-2012:1505)
2014-11-08 00:00:00
RHEL 6 : Virtualization Manager (RHSA-2012:1506)
2014-11-08 00:00:00
redhat
redhat
(RHSA-2012:1505) Important: rhev-hypervisor6 security, bug fix, and enhancement update
2012-12-04 00:00:00
(RHSA-2012:1506) Important: Red Hat Enterprise Virtualization Manager 3.1
2012-12-04 00:00:00
nvd
nvd
CVE-2012-0860
2013-01-04 22:55:01
CVE-2012-0861
2013-01-04 22:55:01
prion
prion
Design/Logic Flaw
2013-01-04 22:55:00
Code injection
2013-01-04 22:55:00
cvelist
cvelist
CVE-2012-0860
2013-01-04 22:00:00
CVE-2012-0861
2013-01-04 22:00:00
cve
cve
CVE-2012-0860
2013-01-04 22:55:01
CVE-2012-0861
2013-01-04 22:55:01

0.003 Low

EPSS

Percentile

71.4%

JSON
Related for RHSA-2012:1508
nessus3redhat2nvd2prion2cvelist2cve2