Описание
ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.1 | ceph-deploy | Will not fix | ||
| Red Hat Ceph Storage 1.3 | ceph-deploy | Not affected | ||
| Red Hat Ceph Storage 1.2 for CentOS | Fixed | RHSA-2015:1631 | 17.08.2015 | |
| Red Hat Ceph Storage 1.2 for RHEL 6 | ceph-deploy | Fixed | RHSA-2015:1092 | 11.06.2015 |
| Red Hat Ceph Storage 1.2 for RHEL 7 | ceph-deploy | Fixed | RHSA-2015:1092 | 11.06.2015 |
| Red Hat Ceph Storage 1.2 for Ubuntu | Fixed | RHSA-2015:1579 | 07.08.2015 |
Показывать по
Дополнительная информация
Статус:
4.9 Medium
CVSS2
Связанные уязвимости
ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.cl ...
ceph-deploy allows local users to obtain sensitive information by reading the file
4.9 Medium
CVSS2