what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2013-6491

Status Candidate

Overview

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

Related Files

Ubuntu Security Notice USN-2247-1
Posted Jun 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2247-1 - Darragh O'Reilly discovered that OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. Bernhard M. Wiedemann and Pedraig Brady discovered that OpenStack Nova did not properly verify the virtual size of a QCOW2 images. A remote authenticated attacker could exploit this to create a denial of service via disk consumption. This issue did not affect Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1068, CVE-2013-4463, CVE-2013-4469, CVE-2013-6491, CVE-2013-7130, CVE-2014-0134, CVE-2014-0167
SHA-256 | c061c326f8e2fd51cf3da4f0196f40f3e8ce883bba777d9e41fe4665ea5c141a
Ubuntu Security Notice USN-2208-2
Posted May 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2208-2 - USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update provides the corresponding updates for OpenStack Quantum. JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubuntu does not use QPid with Nova by default. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-6491
SHA-256 | d0d5156d5df85a3712f3a696f3471fd131bc63c5a190a82aa2f593f624ebb58d
Ubuntu Security Notice USN-2208-1
Posted May 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2208-1 - JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubuntu does not use QPid with Nova by default.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-6491
SHA-256 | 53acf4004418f2da4a2339679b5b8960dea74b9702a0c8eb99b88eef60eba10e
Red Hat Security Advisory 2014-0112-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0112-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. It was discovered that enabling "qpid_protocol = ssl" in the nova.conf file did not result in nova using SSL to communicate to Qpid. If Qpid was not configured to enforce SSL this could lead to sensitive information being sent unencrypted over the communication channel. A flaw was found in the way OpenStack Compute controlled the size of disk images. An authenticated remote user could use malicious compressed qcow2 disk images to consume large amounts of disk space, potentially causing a denial of service on the OpenStack Compute nodes.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4463, CVE-2013-6491
SHA-256 | a9c329772cd7af8395cafb1ec06bc13482d54fac734c4e696e1724b928aaabec
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close