|Bugzilla:||875294: CVE-2012-5509 aeolus-configserver: aeolus-configserver-setup /tmp file conductor credentials leak|
The MITRE CVE dictionary describes this issue as:
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|CloudForms Cloud Engine for RHEL 6 Server||RHSA-2013:0545||February 21, 2013|
This issue was discovered by Aaron Weitekamp of the Red Hat Cloud Quality Engineering team.
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.