CVE-2015-4053

Опубликовано: 21 мая 2015

Источник: redhat

CVSS2: 4.3

Описание

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Ceph Storage 1.1	ceph-deploy	Will not fix
Red Hat Ceph Storage 1.3	ceph-deploy	Not affected
Red Hat Ceph Storage 1.2 for CentOS		Fixed	RHSA-2015:1631	17.08.2015
Red Hat Ceph Storage 1.2 for RHEL 6	ceph-deploy	Fixed	RHSA-2015:1092	11.06.2015
Red Hat Ceph Storage 1.2 for RHEL 7	ceph-deploy	Fixed	RHSA-2015:1092	11.06.2015
Red Hat Ceph Storage 1.2 for Ubuntu		Fixed	RHSA-2015:1579	07.08.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-732

https://bugzilla.redhat.com/show_bug.cgi?id=1224129ceph-deploy admin command copies keyring file to /etc/ceph which is world readable

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2015-4053

ubuntu

больше 10 лет назад

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.

CVE-2015-4053

nvd

больше 10 лет назад

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.

CVE-2015-4053

debian

больше 10 лет назад

The admin command in ceph-deploy before 1.5.25 uses world-readable per ...

GHSA-79jf-ccm8-43w7

github

больше 3 лет назад

ceph-deploy uses world-readable permissions on client.admin key

4.3 Medium

CVSS2