3 matches found
Enomaly ECP多个安全漏洞
BUGTRAQ ID: 33544 CVECAN ID: CVE-2008-4990,CVE-2009-0390 Enomaly ECP(之前名为Enomalism)是用于管理虚拟机的软件。 ECP的enomalism2.sh中存在多个安全漏洞,本地攻击者可以通过符号链接攻击以root用户权限覆盖任意系统文件、向kill命令注入参数以终止任意进程或向进程发送信号,或导致虚拟机无法启动。 Enomaly Elastic Computing Platform 2.1 临时解决方法: 将PIDFILE从/tmp/enomalism2.pid更改为/var/run/enomalism2.pid。...
Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh (redux)
Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh redux Synopsis All versions of Enomaly ECP/Enomalism1 before 2.2.1 have multiple issues relating to the use of temporary files in an insecure manner. Fixes for CVE-2008-49902 and CVE-2009-03903 in 2.1.1 and 2.2 were found to be...
Enomaly ECP/Enomalism enomalism2.sh Temporary Files
Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh redux Synopsis All versions of Enomaly ECP/Enomalism1 before 2.2.1 have multiple issues relating to the use of temporary files in an insecure manner. Fixes for CVE-2008-49902 and CVE-2009-03903 in 2.1.1 and 2.2 were found to be...