CVE-2012-5509

Name of the Vulnerable Software and Affected Versions Aeolus Configuration Server versions prior to 1.1.2

Description The issue concerns the aeolus-configserver-setup in the Aeolus Configuration Server, which is used in Red Hat CloudForms Cloud Engine. It uses world-readable permissions for a temporary file in /tmp. This allows local users to read credentials by accessing this file.

Recommendations For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary files in /tmp to minimize the risk of credential exposure.