CVE-2014-0189 — Incorrect Permission Assignment in Redhat Enterprise Linux Desktop

CWE-310 CWE-732 — Incorrect Permission Assignment CWE-522 — Insufficiently Protected Credentials7 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 77.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server Redhat Enterprise Linux Workstation

Timeline

PublishedMay 2

Latest updateMay 17

Description

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

🔴Vulnerability Details

GHSA

GHSA-x826-pxrg-mq9q: virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file↗2022-05-17

▶

📋Vendor Advisories

Red Hat

virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file↗2014-03-26

▶

💬Community

Bugzilla

CVE-2014-0189 virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file [fedora-all]↗2015-01-26

▶

Bugzilla

CVE-2014-0189 virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file↗2014-04-17

▶