Execution of code with elevated privileges in thermostat
ID: FEDORA-2014-17384
Distribution: Fedora
Platforms: Fedora 21
Date: Thu, 8 January 2015, 08:31
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8120
Applications: Thermostat
Original message
Name        : thermostat
Product     : Fedora 21
Version     : 1.0.6
Release     : 1.fc21
URL         : http://icedtea.classpath.org/thermostat/
Summary     : A monitoring and serviceability tool for OpenJDK
Description :
Thermostat is a monitoring and instrumentation tool for the Hotspot JVM,
with support for monitoring multiple JVM instances. The system is made
up of two processes: an Agent, which collects data, and a Client which
allows users to visualize this data. These components communicate via
a MongoDB-based storage layer. A pluggable agent and gui framework allows
for collection and visualization of performance data beyond that which is
included out of the box.

--------------------------------------------------------------------------------
Update Information:

Update to latest maintenance release.

It was discovered that, in certain configurations, the Thermostat agent
disclosed JMX management URLs of all local Java virtual machines to any
local user. A local, unprivileged user could use this flaw to escalate
their privileges on the system. (CVE-2014-8120)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Elliott Baron