Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-0434 at MITRE


The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.

NVD CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

SUSE information

SUSE Bugzilla entry: 784857

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Cloud 1.0
  • crowbar >= 1.2+git.1352980051.583e159-0.5.3
  • crowbar-barclamp-crowbar >= 1.2+git.1352636706.f1e4834-0.5.13
  • crowbar-barclamp-database >= 1.2+git.1349690639.d8910c3-0.5.13
  • crowbar-barclamp-dns >= 1.2+git.1352726499.fd6eca8-0.5.13
  • crowbar-barclamp-nova >= 1.2+git.1352206743.6cc2eeb-0.5.13
  • crowbar-barclamp-provisioner >= 1.2+git.1355744933.0c1d40d-0.5.13
SAT Patch Nr: 7210