Candidate: CVE-2014-5247
PublicDate: 2014-08-29 16:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5247
 http://www.ocert.org/advisories/ocert-2014-006.html
Description:
 The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py
 in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable
 permissions for the configuration backup file, which allows local users to
 obtain SSL keys, remote API credentials, and other sensitive information by
 reading the file, related to the upgrade command.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_ganeti:
 upstream: http://git.ganeti.org/?p=ganeti.git;a=commit;h=a89f62e2db9ccf715d64d1a6322474b54d2d9ae0
upstream_ganeti: released (2.11.5-1)
lucid_ganeti: ignored (reached end-of-life)
precise_ganeti: ignored (reached end-of-life)
precise/esm_ganeti: DNE (precise was needed)
trusty_ganeti: ignored (reached end-of-life)
trusty/esm_ganeti: DNE (trusty was needed)
utopic_ganeti: ignored (reached end-of-life)
vivid_ganeti: ignored (reached end-of-life)
vivid/stable-phone-overlay_ganeti: DNE
vivid/ubuntu-core_ganeti: DNE
wily_ganeti: ignored (reached end-of-life)
xenial_ganeti: not-affected (2.15.2-3)
yakkety_ganeti: not-affected (2.15.2-6build3)
zesty_ganeti: not-affected (2.15.2-6build3)
artful_ganeti: DNE
bionic_ganeti: not-affected (2.11.5-1)
cosmic_ganeti: not-affected (2.11.5-1)
disco_ganeti: not-affected (2.11.5-1)
devel_ganeti: not-affected (2.11.5-1)