virt-who is vulnerable to information disclosure. Excessive permissions on the /etc/sysconfig/virt-who
file allows any local users to read the contents and retrieve confidential information such as the password for hypervisors.
rhn.redhat.com/errata/RHSA-2015-0430.html
www.openwall.com/lists/oss-security/2014/04/28/2
www.securityfocus.com/bid/67089
access.redhat.com/errata/RHBA-2014:1206
access.redhat.com/errata/RHBA-2014:1513
access.redhat.com/errata/RHSA-2015:0430
access.redhat.com/security/cve/CVE-2014-0189
bugzilla.redhat.com/show_bug.cgi?id=1004247
bugzilla.redhat.com/show_bug.cgi?id=1009401
bugzilla.redhat.com/show_bug.cgi?id=1081286
bugzilla.redhat.com/show_bug.cgi?id=1088732
bugzilla.redhat.com/show_bug.cgi?id=1088756
bugzilla.redhat.com/show_bug.cgi?id=1092811
bugzilla.redhat.com/show_bug.cgi?id=1092818
bugzilla.redhat.com/show_bug.cgi?id=1092848
bugzilla.redhat.com/show_bug.cgi?id=1095597
bugzilla.redhat.com/show_bug.cgi?id=1124732
bugzilla.redhat.com/show_bug.cgi?id=861552
bugzilla.redhat.com/show_bug.cgi?id=864791
bugzilla.redhat.com/show_bug.cgi?id=975340
bugzilla.redhat.com/show_bug.cgi?id=990957
bugzilla.redhat.com/show_bug.cgi?id=991379
bugzilla.redhat.com/show_bug.cgi?id=993822
rhn.redhat.com/errata/RHBA-2014-1206.html