RHSA-2015:0791
Vulnerability from csaf_redhat - Published: 2015-04-07 15:07 - Updated: 2026-03-20 18:09Summary
Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform Installer update
Severity
Important
Notes
Topic: Updated Red Hat Enterprise Linux OpenStack Platform Installer packages that
fix one security issue and several bugs are now available for Red Hat
Enterprise Linux OpenStack Platform 6.0.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details: Red Hat Enterprise OpenStack Platform Installer is a deployment management
tool. It provides a web user interface for managing the installation and
configuration of remote systems. Deployment of changes is performed using
Puppet. Additionally, Dynamic Host Configuration Protocol (DHCP), Domain
Name System (DNS), Preboot Execution Environment (PXE), and Trivial File
Transfer Protocol (TFTP) services can be provided. Controlling these
services also enables provisioning of physical systems that do not yet have
an operating system installed.
It was discovered that the puppet manifests, as provided with the
openstack-puppet-modules package, would configure the pcsd daemon with a
known default password. If this password was not changed and an attacker
was able to gain access to pcsd, they could potentially run shell commands
as root. (CVE-2015-1842)
Note: This flaw only affects Red Hat Enterprise Linux OpenStack Platform
installations deployed using the HA feature set.
For additional information on addressing this flaw see:
https://access.redhat.com/articles/1396123
This issue was discovered by Alessandro Vozza of Red Hat.
In addition to the above issue, this update also addresses multiple bugs
which are documented in the Red Hat Enterprise Linux OpenStack Platform
Technical Notes, linked to in the References section.
All Red Hat Enterprise Linux OpenStack Platform Installer users are advised
to upgrade to these updated packages, which correct these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.
9.3 ()
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2015:0791
References
Acknowledgments
Red Hat
Alessandro Vozza
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat Enterprise Linux OpenStack Platform Installer packages that\nfix one security issue and several bugs are now available for Red Hat\nEnterprise Linux OpenStack Platform 6.0.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Enterprise OpenStack Platform Installer is a deployment management\ntool. It provides a web user interface for managing the installation and\nconfiguration of remote systems. Deployment of changes is performed using\nPuppet. Additionally, Dynamic Host Configuration Protocol (DHCP), Domain\nName System (DNS), Preboot Execution Environment (PXE), and Trivial File\nTransfer Protocol (TFTP) services can be provided. Controlling these\nservices also enables provisioning of physical systems that do not yet have\nan operating system installed.\n\nIt was discovered that the puppet manifests, as provided with the\nopenstack-puppet-modules package, would configure the pcsd daemon with a\nknown default password. If this password was not changed and an attacker\nwas able to gain access to pcsd, they could potentially run shell commands\nas root. (CVE-2015-1842)\n\nNote: This flaw only affects Red Hat Enterprise Linux OpenStack Platform\ninstallations deployed using the HA feature set.\n\nFor additional information on addressing this flaw see:\nhttps://access.redhat.com/articles/1396123\n\nThis issue was discovered by Alessandro Vozza of Red Hat.\n\nIn addition to the above issue, this update also addresses multiple bugs\nwhich are documented in the Red Hat Enterprise Linux OpenStack Platform\nTechnical Notes, linked to in the References section.\n\nAll Red Hat Enterprise Linux OpenStack Platform Installer users are advised\nto upgrade to these updated packages, which correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0791",
"url": "https://access.redhat.com/errata/RHSA-2015:0791"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Technical_Notes/index.html",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Technical_Notes/index.html"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/1396123",
"url": "https://access.redhat.com/articles/1396123"
},
{
"category": "external",
"summary": "1131584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131584"
},
{
"category": "external",
"summary": "1179892",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179892"
},
{
"category": "external",
"summary": "1187815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187815"
},
{
"category": "external",
"summary": "1188602",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188602"
},
{
"category": "external",
"summary": "1189921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189921"
},
{
"category": "external",
"summary": "1190185",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190185"
},
{
"category": "external",
"summary": "1191519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191519"
},
{
"category": "external",
"summary": "1192513",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192513"
},
{
"category": "external",
"summary": "1192862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192862"
},
{
"category": "external",
"summary": "1192864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192864"
},
{
"category": "external",
"summary": "1193582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193582"
},
{
"category": "external",
"summary": "1194269",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194269"
},
{
"category": "external",
"summary": "1196310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196310"
},
{
"category": "external",
"summary": "1198032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198032"
},
{
"category": "external",
"summary": "1199266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199266"
},
{
"category": "external",
"summary": "1199827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199827"
},
{
"category": "external",
"summary": "1201363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201363"
},
{
"category": "external",
"summary": "1201875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201875"
},
{
"category": "external",
"summary": "1202464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202464"
},
{
"category": "external",
"summary": "1204483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204483"
},
{
"category": "external",
"summary": "1204647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204647"
},
{
"category": "external",
"summary": "1207284",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207284"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0791.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform Installer update",
"tracking": {
"current_release_date": "2026-03-20T18:09:26+00:00",
"generator": {
"date": "2026-03-20T18:09:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2015:0791",
"initial_release_date": "2015-04-07T15:07:29+00:00",
"revision_history": [
{
"date": "2015-04-07T15:07:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-04-07T15:07:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-20T18:09:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenStack 6 Installer for RHEL 7",
"product": {
"name": "OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack-installer:6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-proxy-0:1.6.0.30-6.el7ost.src",
"product": {
"name": "foreman-proxy-0:1.6.0.30-6.el7ost.src",
"product_id": "foreman-proxy-0:1.6.0.30-6.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy@1.6.0.30-6.el7ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-discovery-image-0:7.0-20150227.0.el7ost.src",
"product": {
"name": "foreman-discovery-image-0:7.0-20150227.0.el7ost.src",
"product_id": "foreman-discovery-image-0:7.0-20150227.0.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-discovery-image@7.0-20150227.0.el7ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhel-osp-installer-1:0.5.7-1.el7ost.src",
"product": {
"name": "rhel-osp-installer-1:0.5.7-1.el7ost.src",
"product_id": "rhel-osp-installer-1:0.5.7-1.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhel-osp-installer@0.5.7-1.el7ost?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-foreman-installer-0:3.0.22-1.el7ost.src",
"product": {
"name": "openstack-foreman-installer-0:3.0.22-1.el7ost.src",
"product_id": "openstack-foreman-installer-0:3.0.22-1.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-foreman-installer@3.0.22-1.el7ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.src",
"product": {
"name": "ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.src",
"product_id": "ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-staypuft@0.5.22-1.el7ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "openstack-puppet-modules-0:2014.2.13-2.el7ost.src",
"product": {
"name": "openstack-puppet-modules-0:2014.2.13-2.el7ost.src",
"product_id": "openstack-puppet-modules-0:2014.2.13-2.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-puppet-modules@2014.2.13-2.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-proxy-0:1.6.0.30-6.el7ost.noarch",
"product": {
"name": "foreman-proxy-0:1.6.0.30-6.el7ost.noarch",
"product_id": "foreman-proxy-0:1.6.0.30-6.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy@1.6.0.30-6.el7ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-discovery-image-0:7.0-20150227.0.el7ost.noarch",
"product": {
"name": "foreman-discovery-image-0:7.0-20150227.0.el7ost.noarch",
"product_id": "foreman-discovery-image-0:7.0-20150227.0.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-discovery-image@7.0-20150227.0.el7ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhel-osp-installer-client-1:0.5.7-1.el7ost.noarch",
"product": {
"name": "rhel-osp-installer-client-1:0.5.7-1.el7ost.noarch",
"product_id": "rhel-osp-installer-client-1:0.5.7-1.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhel-osp-installer-client@0.5.7-1.el7ost?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhel-osp-installer-1:0.5.7-1.el7ost.noarch",
"product": {
"name": "rhel-osp-installer-1:0.5.7-1.el7ost.noarch",
"product_id": "rhel-osp-installer-1:0.5.7-1.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhel-osp-installer@0.5.7-1.el7ost?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-foreman-installer-0:3.0.22-1.el7ost.noarch",
"product": {
"name": "openstack-foreman-installer-0:3.0.22-1.el7ost.noarch",
"product_id": "openstack-foreman-installer-0:3.0.22-1.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-foreman-installer@3.0.22-1.el7ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-staypuft-doc-0:0.5.22-1.el7ost.noarch",
"product": {
"name": "ruby193-rubygem-staypuft-doc-0:0.5.22-1.el7ost.noarch",
"product_id": "ruby193-rubygem-staypuft-doc-0:0.5.22-1.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-staypuft-doc@0.5.22-1.el7ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.noarch",
"product": {
"name": "ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.noarch",
"product_id": "ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-staypuft@0.5.22-1.el7ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-puppet-modules-0:2014.2.13-2.el7ost.noarch",
"product": {
"name": "openstack-puppet-modules-0:2014.2.13-2.el7ost.noarch",
"product_id": "openstack-puppet-modules-0:2014.2.13-2.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-puppet-modules@2014.2.13-2.el7ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-discovery-image-0:7.0-20150227.0.el7ost.noarch as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:foreman-discovery-image-0:7.0-20150227.0.el7ost.noarch"
},
"product_reference": "foreman-discovery-image-0:7.0-20150227.0.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-discovery-image-0:7.0-20150227.0.el7ost.src as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:foreman-discovery-image-0:7.0-20150227.0.el7ost.src"
},
"product_reference": "foreman-discovery-image-0:7.0-20150227.0.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:1.6.0.30-6.el7ost.noarch as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:foreman-proxy-0:1.6.0.30-6.el7ost.noarch"
},
"product_reference": "foreman-proxy-0:1.6.0.30-6.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:1.6.0.30-6.el7ost.src as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:foreman-proxy-0:1.6.0.30-6.el7ost.src"
},
"product_reference": "foreman-proxy-0:1.6.0.30-6.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-foreman-installer-0:3.0.22-1.el7ost.noarch as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:openstack-foreman-installer-0:3.0.22-1.el7ost.noarch"
},
"product_reference": "openstack-foreman-installer-0:3.0.22-1.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-foreman-installer-0:3.0.22-1.el7ost.src as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:openstack-foreman-installer-0:3.0.22-1.el7ost.src"
},
"product_reference": "openstack-foreman-installer-0:3.0.22-1.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-puppet-modules-0:2014.2.13-2.el7ost.noarch as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:openstack-puppet-modules-0:2014.2.13-2.el7ost.noarch"
},
"product_reference": "openstack-puppet-modules-0:2014.2.13-2.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-puppet-modules-0:2014.2.13-2.el7ost.src as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:openstack-puppet-modules-0:2014.2.13-2.el7ost.src"
},
"product_reference": "openstack-puppet-modules-0:2014.2.13-2.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhel-osp-installer-1:0.5.7-1.el7ost.noarch as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-1:0.5.7-1.el7ost.noarch"
},
"product_reference": "rhel-osp-installer-1:0.5.7-1.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhel-osp-installer-1:0.5.7-1.el7ost.src as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-1:0.5.7-1.el7ost.src"
},
"product_reference": "rhel-osp-installer-1:0.5.7-1.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhel-osp-installer-client-1:0.5.7-1.el7ost.noarch as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-client-1:0.5.7-1.el7ost.noarch"
},
"product_reference": "rhel-osp-installer-client-1:0.5.7-1.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.noarch as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.noarch"
},
"product_reference": "ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.src as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.src"
},
"product_reference": "ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-staypuft-doc-0:0.5.22-1.el7ost.noarch as a component of OpenStack 6 Installer for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-doc-0:0.5.22-1.el7ost.noarch"
},
"product_reference": "ruby193-rubygem-staypuft-doc-0:0.5.22-1.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0-Installer"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alessandro Vozza"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-1842",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"discovery_date": "2015-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1201875"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-puppet-modules: pacemaker configured with default password",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Important security impact, a future update will address the flaw.\n\nAs a mitigation against this issue, any system deployed using the affected component should have the \u0027hacluster\u0027 password changed before being placed into production or on an untrusted network.\n\nAn article with more detailed information is available to customers here:\nhttps://access.redhat.com/articles/1396123",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-6.0-Installer:foreman-discovery-image-0:7.0-20150227.0.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:foreman-discovery-image-0:7.0-20150227.0.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:foreman-proxy-0:1.6.0.30-6.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:foreman-proxy-0:1.6.0.30-6.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:openstack-foreman-installer-0:3.0.22-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:openstack-foreman-installer-0:3.0.22-1.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:openstack-puppet-modules-0:2014.2.13-2.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:openstack-puppet-modules-0:2014.2.13-2.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-1:0.5.7-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-1:0.5.7-1.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-client-1:0.5.7-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-doc-0:0.5.22-1.el7ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1842"
},
{
"category": "external",
"summary": "RHBZ#1201875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1842",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1842"
}
],
"release_date": "2015-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-07T15:07:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-6.0-Installer:foreman-discovery-image-0:7.0-20150227.0.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:foreman-discovery-image-0:7.0-20150227.0.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:foreman-proxy-0:1.6.0.30-6.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:foreman-proxy-0:1.6.0.30-6.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:openstack-foreman-installer-0:3.0.22-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:openstack-foreman-installer-0:3.0.22-1.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:openstack-puppet-modules-0:2014.2.13-2.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:openstack-puppet-modules-0:2014.2.13-2.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-1:0.5.7-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-1:0.5.7-1.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-client-1:0.5.7-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-doc-0:0.5.22-1.el7ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0791"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-6.0-Installer:foreman-discovery-image-0:7.0-20150227.0.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:foreman-discovery-image-0:7.0-20150227.0.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:foreman-proxy-0:1.6.0.30-6.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:foreman-proxy-0:1.6.0.30-6.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:openstack-foreman-installer-0:3.0.22-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:openstack-foreman-installer-0:3.0.22-1.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:openstack-puppet-modules-0:2014.2.13-2.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:openstack-puppet-modules-0:2014.2.13-2.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-1:0.5.7-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-1:0.5.7-1.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:rhel-osp-installer-client-1:0.5.7-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-0:0.5.22-1.el7ost.src",
"7Server-RH7-RHOS-6.0-Installer:ruby193-rubygem-staypuft-doc-0:0.5.22-1.el7ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openstack-puppet-modules: pacemaker configured with default password"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…