CVE-2013-2144 – rhevm: insufficient target domain permission check when cloning a VM from a snapshot
https://notcve.org/view.php?id=CVE-2013-2144
Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot. Red Hat Enterprise Virtualization Manager (RHEVM) anterior a 3.2, no maneja adecuadamente los permisos para el dominio de almacenamiento objetivo, lo que permite a atacantes provocar una denegación de servicio (consumo de espacio de disco) mediante el clonado de una máquina virtual desde un SnapShot. • http://rhn.redhat.com/errata/RHSA-2013-0888.html https://access.redhat.com/security/cve/CVE-2013-2144 https://bugzilla.redhat.com/show_bug.cgi?id=971058 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0168 – rhev-m: insufficient MoveDisk target domain permission checks
https://notcve.org/view.php?id=CVE-2013-0168
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. El comando MoveDisk en Red Hat Enterprise Virtualization Manager (RHEV-M) v3.1 y anteriores, no valida adecuadamente los permisos en los dominios de almacenamiento, lo que permite a administradores de almacenamiento autenticados remotamente provocar una denegación de servicio (agotamiento del espacio libre sobre otros dominios de almacenamiento) a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-0211.html http://www.securityfocus.com/bid/57750 http://www.securitytracker.com/id/1028076 https://bugzilla.redhat.com/show_bug.cgi?id=893355 https://exchange.xforce.ibmcloud.com/vulnerabilities/81834 https://access.redhat.com/security/cve/CVE-2013-0168 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-6115 – rhev: rhevm-manage-domains logs admin passwords
https://notcve.org/view.php?id=CVE-2012-6115
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file. La herramienta para la gestión de dominios (rhevm-manage-domains)Red Hat Enterprise Virtualization Manager (RHEV-M) v3.1 y anteriores, cuando la opción de validación está activada, registra la contraseña administrativa en un archivo de registro con permisos de lectura globales, lo que permite a usuarios locales obtener información sensible mediante su lectura. • http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commit%3Bh=e8c72daec4efa8be0fcd8ea55c41e855ddd8eedf http://rhn.redhat.com/errata/RHSA-2013-0211.html http://www.securityfocus.com/bid/57749 http://www.securitytracker.com/id/1028076 https://bugzilla.redhat.com/show_bug.cgi?id=893355 https://exchange.xforce.ibmcloud.com/vulnerabilities/81833 https://access.redhat.com/security/cve/CVE-2012-6115 https://bugzilla.redhat.com/show_bug.cgi?id=905865 • CWE-255: Credentials Management Errors •