CVE-2014-0189

Published: May 2, 2014Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.

Affected (4)

Products: Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Virt Who Project: Virt Who

Redhat

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Virt Who Project

1 product

Virt Who

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Virt Who Project Virt Who	All versions

Related CWEs

CWE-310

References (10)

http://rhn.redhat.com/errata/RHSA-2015-0430.html

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/04/28/2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/67089

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1081286

Source: secalert@redhat.com

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1088732

Source: secalert@redhat.com

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2015-0430.html