CVE-2014-3559

Sažetak

The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.

Reference

http://rhn.redhat.com/errata/RHSA-2014-1002.html
https://bugzilla.redhat.com/show_bug.cgi?id=1121925
http://www.securitytracker.com/id/1030664
https://exchange.xforce.ibmcloud.com/vulnerabilities/95098

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-02-2023 - 00:40

Objavljeno

06-08-2014 - 19:55