CVE-2014-3561: Infoleak
First published: Fri Dec 05 2014(Updated: )
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Virtualization | =3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3561?
CVE-2014-3561 is classified as a moderate severity vulnerability due to the exposure of sensitive database password information.
How do I fix CVE-2014-3561?
To fix CVE-2014-3561, update to the latest version of the rhevm-log-collector package from Red Hat that addresses this issue.
Who is affected by CVE-2014-3561?
CVE-2014-3561 affects users of Red Hat Enterprise Virtualization 3.4 who have access to the command line.
What is the impact of CVE-2014-3561?
The impact of CVE-2014-3561 allows local users to potentially gain access to sensitive PostgreSQL database passwords.
Is there a workaround for CVE-2014-3561?
A potential workaround for CVE-2014-3561 is to restrict access to the sosreport command to trusted users only.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/3.4