Main Vulnerability Database SB2017111302

SB2017111302 - SUSE Linux update for Apache Storm

Published: November 13, 2017

Security Bulletin ID SB2017111302

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2017-9799)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper access controls. A remote authenticated user that is the owner of a topology can exploit a flaw to cause the supervisor to launch a worker as a different (non-root) user and obtain credentials from the target user account.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2017-11/msg00023.html