RHEL 6 / 7 : ceph-deploy (RHSA-2015:1092)

An updated ceph-deploy package that fixes two security issues is now available for Red Hat Ceph Storage. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...

ceph-deploy admin command copies keyring file to /etc/ceph which is world readable

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file...

ceph-deploy: keyring permissions are world readable in ~ceph

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file...

Microsoft Internet Explorer CVE-2015-1747 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

CVE-2015-4053

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

CVE-2015-4053

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

Command injection

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

PYSEC-2015-3

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

PYSEC-2015-3

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

UBUNTU-CVE-2015-4053

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

CVE-2015-4053

CVE-2015-4053 affects ceph-deploy prior to 1.5.25, where the admin keyring (/etc/ceph/ceph.client.admin.keyring) is created with world-readable permissions. This allows a local user to read sensitive credentials. Remediation: upgrade ceph-deploy to 1.5.25 or newer (as cited by Red Hat and OSV/GHS...

Fedora Update for ceph-deploy FEDORA-2015-5981

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 21 : ceph-deploy-1.5.23-1.fc21 (2015-5981)

Update to ceph-deploy 1.5.23. This fixes CVE-2015-3010 keyring permissions are world readable in ceph. See upstream changelog for detailed changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

Fedora 22 : ceph-deploy-1.5.23-1.fc22 (2015-5953)

Update to ceph-deploy 1.5.23. This fixes CVE-2015-3010 keyring permissions are world readable in ceph. See upstream changelog for detailed changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

[SECURITY] Fedora 21 Update: ceph-deploy-1.5.23-1.fc21

An easy to use admin tool for deploy ceph storage clusters...

[SECURITY] Fedora 22 Update: ceph-deploy-1.5.23-1.fc22

An easy to use admin tool for deploy ceph storage clusters...

CVE-2015-3349

Multiple cross-site request forgery CSRF vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 deploy or 2 delete an .htaccess file via unspecified vectors...

HP has multiple remote code execution vulnerabilities

HP Easy Deploy is an automated deployment tool. A remote code execution vulnerability exists in HP Easy Deploy distributed by HP Easy Tools on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620,t820 devices, which allows remote attackers to exploit...

Multiple Elevation of Privilege Vulnerabilities in HP

HP Easy Tools is a toolkit developed by Hewlett-Packard HP based on a wizard mode to guide the administrators of users in the financial industry for the initial installation and configuration of virtualization, easy and fast deployment. A security vulnerability exists in certain HP clients runnin...

CVE-2015-2113

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote attackers to execute arbitrary code via unknown...