CVE-2009-3552 – GUI: Man in the middle attack possible on the GUI to Backend SSL connection
https://notcve.org/view.php?id=CVE-2009-3552
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. En RHEV-M VDC versión 2.2.0, se detectó que el certificado SSL no fue comprobado cuando se usaba la interfaz Red Hat Enterprise Virtualization Manager del lado del cliente (una aplicación de navegador XAML de Windows Presentation Foundation (WPF)) para conectar con el Red Hat Enterprise Virtualization Manager. Un atacante en la red local podría utilizar este fallo para conducir un ataque de tipo man-in-the-middle, engañando al usuario para que piense que está visualizando el Red Hat Enterprise Virtualization Manager cuando el contenido está realmente controlado por el atacante, o modificando acciones que un usuario solicitó a Red Hat Enterprise Virtualization Manager realizar. • https://access.redhat.com/security/cve/cve-2009-3552 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3552 https://www.securityfocus.com/bid/42639 https://access.redhat.com/security/cve/CVE-2009-3552 https://bugzilla.redhat.com/show_bug.cgi?id=528890 • CWE-295: Improper Certificate Validation •
CVE-2018-8897 – Microsoft Windows - 'POP/MOV SS' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8897
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. • https://www.exploit-db.com/exploits/44697 https://www.exploit-db.com/exploits/45024 https://github.com/can1357/CVE-2018-8897 https://github.com/nmulasmajic/CVE-2018-8897 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 http://openwall.com/lists/oss-security/2018/05/08/1 http://openwall.com/lists/oss-security/2018/05/08/4 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en http: • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2015-5293
https://notcve.org/view.php?id=CVE-2015-5293
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. Red Hat Enterprise Virtualization Manager 3.6 y anteriores entrega direcciones SLAAC IPv6 válidas a interfaces cuando "boot protocol" se establece como None. Esto podría permitir que atacantes remotos se comuniquen con un sistema diseñado para ser inalcanzable. • https://access.redhat.com/security/cve/CVE-2015-5293 https://bugzilla.redhat.com/show_bug.cgi?id=1267714 • CWE-284: Improper Access Control •
CVE-2015-0257 – ovirt-engine-dwh: incorrect permissions on plugin file containing passwords
https://notcve.org/view.php?id=CVE-2015-0257
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. Red Hat Enterprise Virtualization (RHEV) Manager anterior a 3.5.1 utiliza permisos débiles en los directorios compartidos por el servicio ovirt-engine-dwhd y un plugin durante el inicio del servicio, lo que permite a usuarios locales obtener información sensible mediante la lectura de ficheros en el directorio. It was discovered that a directory shared between the ovirt-engine-dwhd service and a plug-in used during the service's startup had incorrect permissions. A local user could use this flaw to access files in this directory, which could potentially contain sensitive information. • http://rhn.redhat.com/errata/RHSA-2015-0888.html http://www.securitytracker.com/id/1032231 https://access.redhat.com/security/cve/CVE-2015-0257 https://bugzilla.redhat.com/show_bug.cgi?id=1189085 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2015-0237 – vdsm: Users attempting a live storage migration create snapshot without snapshot creation permissions
https://notcve.org/view.php?id=CVE-2015-0237
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain. Red Hat Enterprise Virtualization (RHEV) Manager anterior a 3.5.1 ignora el permiso para denegar la creación de instantáneas durante la migración del almacenaje en vivo entre dominios, lo que permite a usuarios remotos autenticados causar una denegación de servicio (impedir el inicio del anfitrión) mediante la creación de una cadena larga de instantáneas. It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service. • http://rhn.redhat.com/errata/RHSA-2015-0888.html http://www.securitytracker.com/id/1032231 https://access.redhat.com/security/cve/CVE-2015-0237 https://bugzilla.redhat.com/show_bug.cgi?id=1184716 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •