CVE-2011-2925
First published: Wed Aug 17 2011(Updated: )
A flaw was discovered in cumin where it would log broker authentication credentials to the cumin log file. A local user exploiting this flaw could connect to the broker outside of cumin's control and perform certain operations such as scheduling jobs, setting attributes on jobs, as well as holding, releasing or removing jobs. The user could also use this to, depending on the defined ACLs of the broker, manipulate message queues and other privileged operations.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Mrg | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=731574
- http://www.redhat.com/support/errata/RHSA-2011-1250.html
- http://secunia.com/advisories/45928
- http://www.securitytracker.com/id?1026021
- http://osvdb.org/75217
- http://www.redhat.com/support/errata/RHSA-2011-1249.html
- http://secunia.com/advisories/45887
- http://www.securityfocus.com/bid/49500
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69659
- https://rhn.redhat.com/errata/RHSA-2011-1250.html
- https://rhn.redhat.com/errata/RHSA-2011-1249.html
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2925
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/event
- agent/tags
- agent/trending
- vendor/redhat
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/2.0