CVE-2014-3486 – CFME: SSH Utility insecure tmp file creation leading to code execution as root
https://notcve.org/view.php?id=CVE-2014-3486
The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name. (1) La función shell_exec en lib/util/MiqSshUtilV1.rb y (2) la función temp_cmd_file en lib/util/MiqSshUtilV2.rb en Red Hat CloudForms 3.0 Management Engine (CFME) anterior a 5.2.4.2 permiten a usuarios locales ejecutar comandos arbitrarios a través de un ataque de enlace simbólico sobre un fichero temporal con un nombre predecible. • http://rhn.redhat.com/errata/RHSA-2014-0816.html http://www.securityfocus.com/bid/68300 https://bugzilla.redhat.com/show_bug.cgi?id=1107528 https://access.redhat.com/security/cve/CVE-2014-3486 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVE-2014-3489 – CFME: Default salt value in miq-password.rb
https://notcve.org/view.php?id=CVE-2014-3489
lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack. lib/util/miq-password.rb en Red Hat CloudForms 3.0 Management Engine (CFME) anterior a 5.2.4.2 utiliza un salt embebido, lo que facilita a atacantes remotos adivinar contraseñas a través de un ataque de fuerza bruta. • http://rhn.redhat.com/errata/RHSA-2014-0816.html http://www.securityfocus.com/bid/68299 https://access.redhat.com/security/cve/CVE-2014-3489 https://bugzilla.redhat.com/show_bug.cgi?id=1107853 • CWE-255: Credentials Management Errors CWE-321: Use of Hard-coded Cryptographic Key •
CVE-2014-0184 – CFME: root password is written to evm.log when entered during VM provisioning
https://notcve.org/view.php?id=CVE-2014-0184
Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. Red Hat CloudForms 3.0 Management Engine (CFME) anterior a 5.2.4.2 registra la contraseña root cuando implementa un VM, lo que permite a usuarios locales obtener información sensible mediante la lectura del fichero evm.log. • http://rhn.redhat.com/errata/RHSA-2014-0816.html https://access.redhat.com/security/cve/CVE-2014-0184 https://bugzilla.redhat.com/show_bug.cgi?id=1089131 • CWE-255: Credentials Management Errors CWE-522: Insufficiently Protected Credentials •
CVE-2014-0180 – CFME: app/controllers/application_controller.rb wait_for_task DoS
https://notcve.org/view.php?id=CVE-2014-0180
The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors. La función wait_for_task en app/controllers/application_controller.rb en Red Hat CloudForms 3.0 Management Engine (CFME) anterior a 5.2.4.2 permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2014-0816.html https://access.redhat.com/security/cve/CVE-2014-0180 https://bugzilla.redhat.com/show_bug.cgi?id=1087909 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVE-2014-0137 – CFME: ReportController SQL injection
https://notcve.org/view.php?id=CVE-2014-0137
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists. Vulnerabilidad de inyección SQL en la acción saved_report_delete en ReportController en Red Hat CloudForms Management Engine (CFME) anterior a 5.2.3.2 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, relacionado con MiqReportResult.exists. • http://rhn.redhat.com/errata/RHSA-2014-0469.html https://access.redhat.com/security/cve/CVE-2014-0137 https://bugzilla.redhat.com/show_bug.cgi?id=1076688 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •