18 matches found
EUVD-2012-5401
Malware in sbrugna...
EUVD-2012-5985
Malware in sbrugna...
Information Disclosure
Aeolus Configuration Server is vulnerable to information disclosure. Passwords are stored in plain text in the world-readable /var/log/aeolus-configserver/configserver.log file. A local attacker could use this flaw to obtain the administrative passwords for other services...
CVE-2012-6118
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting...
CVE-2012-6117
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...
Design/Logic Flaw
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...
Design/Logic Flaw
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting...
CVE-2012-6117
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...
CVE-2012-6118
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting...
CVE-2012-6117
CVE-2012-6117 affects Aeolus Configuration Server as used in Red Hat CloudForms Cloud Engine prior to 1.1.2. The issue is that /var/log/aeolus-configserver/configserver.log is world-readable, allowing local attackers to read plaintext passwords stored in the log file. Red Hat addressed this with ...
CVE-2012-6118
The CVE-2012-6118 issue affects Aeolus Conductor’s web-based management console, where an unprivileged (authenticated) user could bypass quota restrictions by modifying the Maximum Running Instances quota setting. Connected sources corroborate an authorization-bypass style flaw tied to Conductor ...
CVE-2012-5509
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file...
CVE-2012-5509
CVE-2012-5509 affects Aeolus Configuration Server used with Red Hat CloudForms Cloud Engine prior to 1.1.2. The aeolus-configserver-setup script creates a world-readable temporary file in /tmp that contains credentials, enabling a local attacker to read them. Red Hat’s advisory for CloudForms Clo...
PT-2013-1801 · Red Hat · Aeolus Configuration Server
Name of the Vulnerable Software and Affected Versions: Aeolus Configuration Server versions prior to 1.1.2 Description: The issue concerns the aeolus-configserver-setup in the Aeolus Configuration Server, which is used in Red Hat CloudForms Cloud Engine. It uses world-readable permissions for a...
Configserver: Passwords from application blueprint stored plaintext in configserver.log
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...
Conductor: Unprivileged user can change their own Maximum Running Instances quota
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting...
aeolus-configserver: aeolus-configserver-setup /tmp file conductor credentials leak
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file...
sos security, bug fix, and enhancement update
2.2-29.0.1.el6 - Direct traceroute to linux.oracle.com John Haxby orabug 11713272 - Disable --upload option as it will not work with Oracle support - Check oraclelinux-release instead of redhat-release to get OS version John Haxby bug 11681869 - Remove RH ftp URL and support email - add...