CVE-2011-2925
First published: Wed Aug 17 2011(Updated: )
A flaw was discovered in cumin where it would log broker authentication credentials to the cumin log file. A local user exploiting this flaw could connect to the broker outside of cumin's control and perform certain operations such as scheduling jobs, setting attributes on jobs, as well as holding, releasing or removing jobs. The user could also use this to, depending on the defined ACLs of the broker, manipulate message queues and other privileged operations.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat enterprise MRG | =2.0 | |
| Red Hat Enterprise MRG | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=731574
- http://www.redhat.com/support/errata/RHSA-2011-1250.html
- http://secunia.com/advisories/45928
- http://www.securitytracker.com/id?1026021
- http://osvdb.org/75217
- http://www.redhat.com/support/errata/RHSA-2011-1249.html
- http://secunia.com/advisories/45887
- http://www.securityfocus.com/bid/49500
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69659
- https://rhn.redhat.com/errata/RHSA-2011-1250.html
- https://rhn.redhat.com/errata/RHSA-2011-1249.html
Frequently Asked Questions
What is the severity of CVE-2011-2925?
CVE-2011-2925 has a medium severity level due to the exposure of sensitive broker authentication credentials.
How do I fix CVE-2011-2925?
To fix CVE-2011-2925, update to the latest patched version of Red Hat Enterprise MRG that addresses this vulnerability.
Who is affected by CVE-2011-2925?
CVE-2011-2925 affects users running Red Hat Enterprise MRG version 2.0.
What impact does CVE-2011-2925 have on security?
CVE-2011-2925 allows local users to exploit broker authentication credentials to perform unauthorized operations.
Is there a workaround for CVE-2011-2925?
As an immediate workaround for CVE-2011-2925, limit access to the cumin log files to prevent unauthorized reading of broker credentials.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2925
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/redhat
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/2.0
- canonical/red hat enterprise mrg
- version/red hat enterprise mrg/2.0