Enomaly ECP: Multiple vulnerabilities in VMcasting protocol implementation.

2010-02-16 Thread sam . johnston
Description Sam Johnston (http://samj.net/) of Australian Online Solutions (http://www.aos.net.au) reported that the vmfeed module, an insecure implementation of the insecure VMcasting protocol (http://www.vmcasting.org/), includes a silent update mechanism that downloads and executes Python code

Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh (redux)

2009-02-16 Thread Sam Johnston
to be ineffective. Background Enomaly ECP (formerly Enomalism) is management software for virtual machines. Description Sam Johnston[4] of Australian Online Solutions[5] reported multiple vulnerabilities in enomalism2.sh: - Race condition on $PIDFILE renders 2.1.1 fixes ineffective

Enomaly ECP/Enomalism: Silent update remote command execution vulnerability

2009-02-13 Thread Sam Johnston
software for virtual machines. Description Sam Johnston (http://samj.net/) of Australian Online Solutions (http://www.aos.net.au) reported that the main Enomaly ECP daemon (enomalism2d) includes an undocumented silent update mechanism that insecurely downloads and executes code from Enomaly's

CVE-2008-4990 Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities

2009-01-30 Thread Sam Johnston
(formerly Enomalism) is management software for virtual machines. Description Sam Johnston of Australian Online Solutions reported that enomalism2.sh uses the /tmp/enomalism2.pid temporary file in an insecure manner. Impact A local attacker could perform a symlink attack to overwrite arbitrary