CVE-2014-5036: Infoleak
First published: Fri Sep 05 2014(Updated: )
The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eucalyptus | =3.4.2 | |
| Eucalyptus | =3.4.3 | |
| Eucalyptus | =4.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-5036?
CVE-2014-5036 has a severity rating that indicates potential risk due to sensitive information exposure.
How do I fix CVE-2014-5036?
To fix CVE-2014-5036, upgrade to Eucalyptus version 4.0.1 or later to eliminate the logging of CHAP user credentials.
Who is affected by CVE-2014-5036?
CVE-2014-5036 affects users of Eucalyptus versions 3.4.2 to 4.0.0 when using Dell Equallogic SAN.
What are the consequences of CVE-2014-5036?
The consequences of CVE-2014-5036 include local users gaining unauthorized access to sensitive CHAP credentials.
Is CVE-2014-5036 specific to certain environments?
Yes, CVE-2014-5036 is specifically related to environments utilizing Eucalyptus with Dell Equallogic SAN.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/eucalyptus
- canonical/eucalyptus
- version/eucalyptus/3.4.2
- version/eucalyptus/3.4.3
- version/eucalyptus/4.0.0