libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Redhat
  • Enterprise Linux
  • Enterprise Linux Server Eus
  • Virtualization
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Tus
  • Enterprise Linux Desktop
  • Enterprise Linux Workstation
  • Enterprise Linux Server
  • Enterprise Linux Eus
Libvirt
  • Libvirt

Configuration 1 [-]

cpe:2.3:a:libvirt:libvirt:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
References
Link Resource
http://rhn.redhat.com/errata/RHSA-2016-2577.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/07/21/3 Mailing List Third Party Advisory
https://bugs.launchpad.net/ossn/+bug/1686743 Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1245647 Issue Tracking Third Party Advisory
https://wiki.openstack.org/wiki/OSSN/OSSN-0079 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-08-20T21:00:00

Updated: 2018-08-20T20:57:01

Reserved: 2015-07-01T00:00:00

Link: CVE-2015-5160

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-08-20T21:29:00.277

Modified: 2020-10-15T13:28:10.487

Link: CVE-2015-5160

JSON object: View

cve-icon Redhat Information

No data.

CWE