PT-2019-6945 · Ovirt · Ovirt Engine
Yedidyah Bar David · Published 2019-11-01 · Updated 2019-11-07 · CVE-2013-4367
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ovirt-engine version 3.2
Description
The issue arises from an upstream kernel change that affects how Python's os.chmod() behaves when passed a mode of '-1'. On Linux kernel 3.1 and newer, this results in certain files being created world-writeable.
Recommendations
For ovirt-engine version 3.2, consider modifying the file creation process to explicitly set the desired permissions, avoiding the use of '-1' as a mode for os.chmod().
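One way to apply this recommendation, shown as an added example that is not ovirt-engine code: a chmod wrapper that rejects sentinel modes such as -1, a file writer that always sets an explicit mode, and a scan for world-writable files left behind. All function and file names are hypothetical, and the sample tree is constructed in a temporary directory.

```python
import os
import stat
import tempfile

PERM_BITS = 0o7777  # rwx bits plus setuid/setgid/sticky

def _validate(mode):
    # Reject sentinels such as -1 and anything outside the permission bits.
    if not isinstance(mode, int) or mode < 0 or mode & ~PERM_BITS:
        raise ValueError(f"refusing invalid file mode {mode!r}")
    return mode

def checked_chmod(path, mode):
    """os.chmod() wrapper that never forwards a sentinel mode to the kernel."""
    os.chmod(path, _validate(mode))

def write_file(path, data, mode=0o600):
    """Create path with an explicit mode, applied regardless of umask."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, _validate(mode))
    try:
        os.fchmod(fd, mode)
        os.write(fd, data)
    finally:
        os.close(fd)

def world_writable(root):
    """Return regular files under root that have the other-write bit set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                hits.append(path)
    return sorted(hits)

def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed sample tree
        good, bad = os.path.join(d, "good.conf"), os.path.join(d, "bad.conf")
        write_file(good, b"k=v\n", 0o640)
        write_file(bad, b"k=v\n")
        os.chmod(bad, 0o666)  # stand-in for the outcome the advisory describes
        try:
            checked_chmod(good, -1)
            rejected = False
        except ValueError:
            rejected = True
        return stat.S_IMODE(os.stat(good).st_mode), rejected, \
            [os.path.basename(p) for p in world_writable(d)]
```

Pointing `world_writable()` at the directories where the application writes its files gives a quick post-upgrade check for files that need their permissions corrected.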
Fix
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Ovirt Engine