Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request -- vdsm: certificate generation upon node creation
From: Petr Matousek <pmatouse () redhat com>
Date: Sat, 10 Nov 2012 21:30:20 +0100

When new node image is being created, vdsm.rpm is added to the node
image and self-signed key (and certificate) is created. This key/cert
allows vdsm to start and serve requests from anyone who has a matching
key/cert which could be anybody holding the node image.

Upstream fix:
http://gerrit.ovirt.org/#/c/8368/

Acknowledgements:

This issue was discovered by Dan Kenigsberg of Red Hat.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=875367

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault