PT-2014-5396 · Postgresql

Published: 2014-12-05 · Updated: 2023-02-13 · CVE-2014-3561

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat Enterprise Virtualization version 3.4

Description

The issue allows local users to obtain sensitive information, specifically the PostgreSQL database password, by listing the processes. This is because the rhevm-log-collector package uses the password on the command line when calling sosreport.

Recommendations

For Red Hat Enterprise Virtualization version 3.4, consider restricting access to the sosreport command and the rhevm-log-collector package to minimize the risk of exploitation. As a temporary workaround, avoid using the rhevm-log-collector package until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.
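The weakness class described above, shown as an added example that is not code from rhevm-log-collector, sosreport or this advisory: a wrapper that puts a password in a child's argument vector beside one that sends it over stdin. The child script and its `--password` / `--password-stdin` options are hypothetical stand-ins, not real sosreport options, and the password is a constructed value.

```python
import subprocess
import sys

# Constructed stand-in for a helper tool that needs a database password.
# It echoes its own arguments so the parent can see what a process
# listing (ps, /proc/<pid>/cmdline) would show to other local users.
CHILD = r"""
import sys
if "--password-stdin" in sys.argv:
    password = sys.stdin.readline().rstrip("\n")
else:
    password = sys.argv[sys.argv.index("--password") + 1]
print("ARGV=" + " ".join(sys.argv[1:]))
print("GOT=" + str(len(password)))
"""


def run_child(extra_args, stdin_data=None):
    """Run the stand-in tool; return (argv handed to the OS, child stdout)."""
    argv = [sys.executable, "-c", CHILD] + extra_args
    proc = subprocess.run(argv, input=stdin_data, capture_output=True,
                          text=True, check=True)
    return argv, proc.stdout


def leaks_secret(argv, secret):
    """True if the secret appears in any command-line argument."""
    return any(secret in arg for arg in argv)


def password_on_argv(secret):
    """Pattern from the description: the secret is a command-line argument."""
    return run_child(["--password", secret])


def password_on_stdin(secret):
    """Hardened form: the secret travels over a pipe, never through argv."""
    return run_child(["--password-stdin"], stdin_data=secret + "\n")


if __name__ == "__main__":
    secret = "constructed-example-password"  # constructed sample value
    for label, call in (("argv", password_on_argv), ("stdin", password_on_stdin)):
        argv, out = call(secret)
        print(label, "leaks in process list:", leaks_secret(argv, secret))
        print(out.strip())
```
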

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2014-3561
RHSA-2014:1947

Affected Products

Postgresql
Red Hat Enterprise Virtualization
Sosreport