Showing 1 - 3 of 3

CVE-2014-7230

Status Candidate

Overview

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

Related Files

Red Hat Security Advisory 2014-1939-01: Posted Dec 2, 2014; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2014-1939-01 - OpenStack Database is Database as a Service for Openstack. It runs entirely on OpenStack, with the goal of allowing users to quickly and easily utilize the features of a database without the burden of handling complex administrative tasks. Cloud users and database administrators can provision and manage multiple database instances as needed. It was found that the processutils.execute() and strutils.mask_password() functions did not correctly sanitize the authentication details from their output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords.; tags | advisory; systems | linux, redhat; advisories | CVE-2014-7230, CVE-2014-7231; SHA-256 | 836354ac903cce9e3a9d8d877ebdb31bcdf1f96bb0e60582e6c3639bffe137c1; Download | Favorite | View

Ubuntu Security Notice USN-2407-1: Posted Nov 11, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2407-1 - Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remove authenticated user could exploit this to bypass intended quota limits. By default, Ubuntu does not use the VMWare driver. Amrith Kumar discovered that OpenStack Nova did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Nova log files could obtain access to sensitive information. Various other issues were also addressed.; tags | advisory, local; systems | linux, ubuntu; advisories | CVE-2014-3608, CVE-2014-7230; SHA-256 | 3c7205b8ebb855db59f87c5f3f505c7722720259119b91f95b3964de02a9831a; Download | Favorite | View

Ubuntu Security Notice USN-2405-1: Posted Nov 11, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2405-1 - Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS of Smbfs drivers. A remote authenticated user could exploit this to potentially obtain file contents from the compute host. Amrith Kumar discovered that OpenStack Cinder did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Cinder log files could obtain access to sensitive information. Various other issues were also addressed.; tags | advisory, remote, local; systems | linux, ubuntu; advisories | CVE-2014-3641, CVE-2014-7230; SHA-256 | 093befa060a0a74d20668cc4dd13401ce693514f81089d91ae807f5c8f629ff9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 61 files
Debian 20 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,160)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,842)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,249)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,975)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2014-7230

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems