Описание
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-3561
- https://access.redhat.com/errata/RHSA-2014:1947
- https://access.redhat.com/security/cve/CVE-2014-3561
- https://bugzilla.redhat.com/show_bug.cgi?id=1122781
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99096
- http://rhn.redhat.com/errata/RHSA-2014-1947.html
- http://www.securitytracker.com/id/1031291
Связанные уязвимости
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.