6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.003 Low
EPSS
Percentile
66.6%
Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.
The SSH utility script created a world-writable file in /tmp/ using a
predictable name, and then executed it as root. A local attacker could use
this flaw to execute arbitrary commands as the root user. (CVE-2014-3486)
A directory traversal flaw was found in the way Ruby on Rails handled
wildcard segments in routes with implicit rendering. A remote attacker
could use this flaw to retrieve arbitrary local files accessible to a Ruby
on Rails application using the aforementioned routes via a specially
crafted request. (CVE-2014-0130)
The root password of newly-deployed systems was logged to evm.log, allowing
attackers with local user accounts on the CloudForms Management Engine
server to gain root access to newly-deployed systems. (CVE-2014-0184)
A reflected cross-site scripting (XSS) flaw was found in the way CloudForms
Management Engine escaped JavaScript elements in certain views. An attacker
could construct a carefully crafted URL, which once visited by an
unsuspecting user, could cause the userβs web browser to execute a
malicious script in the context of the CloudForms Management Engine domain.
(CVE-2014-0176)
It was found that the wait_for_task() function of CloudForms Management
Engine could, under certain circumstances, enter an infinite loop. A remote
attacker could use this flaw to repeatedly call wait_for_task(), which
would cause an excessive amount of CPU resources to be consumed on the
system running CloudForms Management Engine, resulting in a denial of
service. (CVE-2014-0180)
CloudForms Management Engine used a default salt value to protect stored
passwords; however, as the salt value was known, this did not provide
additional protection. This made it easier for local attackers with access
to the stored passwords to perform brute-force attacks and recover the
plain text versions of the passwords. (CVE-2014-3489)
The CVE-2014-0176 issue was discovered by Martin Povolny of Red Hat, the
CVE-2014-0180 issue was discovered by Jan Rusnacko of the Red Hat Product
Security Team and CVE-2014-3486 issue was discovered by Kurt Seifried of
the Red Hat Product Security Team.
This update also fixes the following bugs:
Prior to this update, the dashboard widget regeneration could fail with
an error status for users who were members of multiple LDAP groups.
The Widget.get_group method has been updated to work with both a group ID
and a description, and the timing out of active and queued miq_tasks has
been fixed. Dashboard widgets now regenerate correctly. (BZ#1089673)
When CloudForms Management Engine failed to check the current region for
a user, the dashboard widgets would display no data for that user.
With this update, region checking has been fixed and all widgets in the
dashboard display correctly. (BZ#1090577)
In addition, this update adds the following enhancement:
All users of Red Hat CloudForms 3.0 are advised to upgrade to these updated
packages, which correct these issues and add this enhancement.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | cfme-lib | <Β 5.2.4.2-1.el6cf | cfme-lib-5.2.4.2-1.el6cf.x86_64.rpm |
RedHat | 6 | x86_64 | cfme-debuginfo | <Β 5.2.4.2-1.el6cf | cfme-debuginfo-5.2.4.2-1.el6cf.x86_64.rpm |
RedHat | 6 | x86_64 | mingw32-cfme-host | <Β 5.2.4.2-1.el6cf | mingw32-cfme-host-5.2.4.2-1.el6cf.x86_64.rpm |
RedHat | 6 | noarch | ruby193-rubygem-actionpack | <Β 3.2.13-8.el6cf | ruby193-rubygem-actionpack-3.2.13-8.el6cf.noarch.rpm |
RedHat | 6 | x86_64 | cfme | <Β 5.2.4.2-1.el6cf | cfme-5.2.4.2-1.el6cf.x86_64.rpm |
RedHat | 6 | x86_64 | cfme-appliance | <Β 5.2.4.2-1.el6cf | cfme-appliance-5.2.4.2-1.el6cf.x86_64.rpm |