Ganeti 'gnt_cluster.py' Insecure File Permissions Vulnerability
BID:69186
Info
| Bugtraq ID: | 69186 |
| Class: | Design Error |
| CVE: | CVE-2014-5247 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 12 2014 12:00AM |
| Updated: | Aug 14 2014 05:52PM |
| Credit: | Helga Velroyen and Guido Trotter |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Ganeti is prone to an insecure file-permissions vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks.
The following versions are affected:
Ganeti 2.10.0 through 2.10.6
Ganeti 2.11.0 through 2.11.4
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Ganeti Home Page (Ganeti)