Tagged: mrg messaging Toggle Comment Threads | Keyboard Shortcuts

  • vulnerability management 7:00 pm on December 3, 2010 Permalink | Reply
    Tags: , mrg messaging, , , , ,   

    Red Hat Enterprise MRG Messaging and Grid: Importtant Security Update 

    Users of Red Hat Enterprise MRG Messaging and Grid please be advised of an Important security update that has been identified.
    To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

    RHSA-2010:0922-01: [RHSA-2010:0922-01] Important: Red Hat Enterprise MRG Messaging and Grid security update

    Product: Red Hat Enterprise MRG for RHEL-4
    Description:

    Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT

    infrastructure for enterprise computing. MRG Messaging implements the

    Advanced Message Queuing Protocol (AMQP) standard, adding persistence

    options, kernel optimizations, and operating system services.

    The Management Console Installation Guide for Red Hat Enterprise MRG 1.3

    instructed administrators to configure Condor to allow the MRG Management

    Console (cumin) to submit jobs on behalf of a user. This configuration

    facilitated a trust relationship between cumin and the Condor QMF plug-ins;

    however, there was inadequate access control on the trusted channel,

    allowing anyone able to publish to a broker to submit jobs to run as any

    other user (except root, as Condor does not run jobs as root).

    (CVE-2010-4179)

    Read more at http://www.criticalwatch.com

     

    Advertisements
     
  • vulnerability management 6:54 pm on December 3, 2010 Permalink | Reply
    Tags: , mrg messaging, , ,   

    Red Hat Enterprise MRG Messaging and Grid 

    RHSA-2010:0922-01: [RHSA-2010:0922-01] Important: Red Hat Enterprise MRG Messaging and Grid security update

    Product: Red Hat Enterprise MRG for RHEL-4
    Description:

    Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT

    infrastructure for enterprise computing. MRG Messaging implements the

    Advanced Message Queuing Protocol (AMQP) standard, adding persistence

    options, kernel optimizations, and operating system services.

    The Management Console Installation Guide for Red Hat Enterprise MRG 1.3

    instructed administrators to configure Condor to allow the MRG Management

    Console (cumin) to submit jobs on behalf of a user. This configuration

    facilitated a trust relationship between cumin and the Condor QMF plug-ins;

    however, there was inadequate access control on the trusted channel,

    allowing anyone able to publish to a broker to submit jobs to run as any

    other user (except root, as Condor does not run jobs as root).

    (CVE-2010-4179)

    Read more at http://www.criticalwatch.com

     

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel