oss-sec mailing list archives
Re: CVE request -- vdsm: certificate generation upon node creation
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 11 Nov 2012 00:18:47 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/10/2012 01:30 PM, Petr Matousek wrote:
When new node image is being created, vdsm.rpm is added to the node image and self-signed key (and certificate) is created. This key/cert allows vdsm to start and serve requests from anyone who has a matching key/cert which could be anybody holding the node image. Upstream fix: http://gerrit.ovirt.org/#/c/8368/ Acknowledgements: This issue was discovered by Dan Kenigsberg of Red Hat. References: https://bugzilla.redhat.com/show_bug.cgi?id=875367 Thanks,
Please use CVE-2012-5518 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQn1FXAAoJEBYNRVNeJnmTFxYP/2Dax5sRFfDqAcwJX2oQ7nRN i3QvzOyvjCDqLNMZ6D3+6+p+Y2H2YoRgGgMctIjmIWMFL/V//v3rdbpxr/yKbztd 0tgk+Z1lhWuzkN/sWfZXiqc86QvOFK4wE7ThtsHBvguP0JOnxFn3BevKnJadwy7H inuLvz9uVFQv9v1RxYmchMZHJlYPaMPK9d3vbTQPxHVYdjbScFIUwzxyDcEqfKGX J3xj4mrAl1UpsUX05qTpT0/M31WqvbLUd7CCyNwuze4xEvz6qke+DES9E4C6OXII WkFoDDun0bsXi/tNINj/0LyTasqUJ/0M2Hz35GMkALkZrCb3vjHh/vZP6XNGfI2E 5fOO3fmS4wb8x4usDngzQDKWkAZfgWdmDuRIOlKoGaeboucvIJDkGVCvH+30xC2+ dBc1bFDHj592bN2SO8JHun593WkxIV6AsoUbe1EhDk3ji+3IwNuVau22M+NkexJn /5xAdbD4PqIk1FOoIqmFAMDYsVRMvdlsdVIlOdgvquo3BvRo7gnKRZRNblMgwzoX RtSjeP6FTI0atArlweuonwgmcKqvjMeT/KpoyOvf7s6iS6LLYZmX1vRe5zW2CgGo ogMrZHC+F8U7t0CBEaDFYWNr7lraQkAd1RZPJRq5c9Ow/5Jzjp91CXMsF4AesvWL FWtVrr8S0IXHHE0WRr9y =Kza/ -----END PGP SIGNATURE-----
Current thread:
- CVE request -- vdsm: certificate generation upon node creation Petr Matousek (Nov 10)
- Re: CVE request -- vdsm: certificate generation upon node creation Kurt Seifried (Nov 10)