PT-2013-1518 · Red Hat · Red Hat Enterprise Virtualization Manager
Petr Matousek · Published 2013-01-04 · Updated 2023-02-13 · CVE-2012-0860
CVSS v2.0: 6.2 (Medium)
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Red Hat Enterprise Virtualization Manager (RHEV-M) versions prior to 3.1
Description
The issue allows local users to gain privileges via a Trojan horse Python module, specifically deployUtil.py or vds_bootstrap.py, in the /tmp/ directory when adding a host.
Recommendations
For versions prior to 3.1, update to version 3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the /tmp/ directory to minimize the risk of exploitation. Avoid using the deployUtil.py and vds_bootstrap.py modules in the /tmp/ directory until the issue is resolved.
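As an added example (not Red Hat's code and not part of the original advisory), the following Python check audits the directories a script would import from, flags any that other local users can write to, and reports whether the two module names from the description are already present there. The function names, the trusted-UID default and the sample directories are assumptions made for illustration.

```python
import os
import stat
import sys
import tempfile

# Module names taken from the advisory's description.
MODULES = ("deployUtil.py", "vds_bootstrap.py")

def dir_risk(path, trusted_uids=None):
    """Return why other local users could plant files in path, or None."""
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}  # assumption: root and the caller are trusted
    st = os.stat(path)
    if st.st_mode & stat.S_IWOTH:
        # The sticky bit (as on /tmp) stops users deleting each other's files,
        # not creating new ones, so it does not make an import directory safe.
        return "world-writable"
    if st.st_mode & stat.S_IWGRP:
        return "group-writable"
    if st.st_uid not in trusted_uids:
        return "owned by untrusted uid %d" % st.st_uid
    return None

def audit(search_path, modules=MODULES):
    """Report risky import directories and any watched module found in them."""
    findings = []
    for entry in search_path:
        path = os.path.abspath(entry or os.getcwd())  # '' in sys.path means CWD
        if not os.path.isdir(path):
            continue  # skips zip archives and missing entries
        reason = dir_risk(path)
        if reason:
            present = sorted(m for m in modules
                             if os.path.isfile(os.path.join(path, m)))
            findings.append((path, reason, present))
    return findings

def demo():
    """Constructed sample: one /tmp-like directory and one private directory."""
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "shared")
        private = os.path.join(root, "private")
        os.mkdir(shared)
        os.mkdir(private)
        os.chmod(shared, 0o1777)   # same mode as /tmp
        os.chmod(private, 0o700)
        open(os.path.join(shared, "deployUtil.py"), "w").close()
        return [(os.path.basename(p), r, m) for p, r, m in audit([shared, private])]

if __name__ == "__main__":
    print(audit(sys.path), demo())
```

Run as the account that performs the deployment, an empty result from `audit(sys.path)` means no directory on that interpreter's import path is writable by other local users.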
Affected Products
Red Hat Enterprise Virtualization Manager