Showing 1 - 3 of 3

CVE-2015-1856

Status Candidate

Overview

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

Related Files

Red Hat Security Advisory 2015-1684-01: Posted Aug 26, 2015; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2015-1684-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container.; tags | advisory; systems | linux, redhat; advisories | CVE-2015-1856; SHA-256 | ee39183a3ea994aeff17098083ebe2a8492a6ee3bf022511868c02167de39768; Download | Favorite | View

Red Hat Security Advisory 2015-1681-01: Posted Aug 25, 2015; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2015-1681-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in openstack-swift where an authenticated user may delete the most recent version of a versioned object regardless of ownership. To exploit this flaw an attacker most know the name of the object and have listing access to the x-versions-location container.; tags | advisory; systems | linux, redhat; advisories | CVE-2015-1856; SHA-256 | b4620e51dac253858c6c6dd8a14325faa2787471f9702c33b9acaf4a45839e74; Download | Favorite | View

Ubuntu Security Notice USN-2704-1: Posted Aug 6, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2704-1 - Rajaneesh Singh discovered Swift does not properly enforce metadata limits. An attacker could abuse this issue to store more metadata than allowed by policy. Clay Gerrard discovered Swift allowed users to delete the latest version of object regardless of object permissions when allow_version is configured. An attacker could use this issue to delete objects. Various other issues were also addressed.; tags | advisory; systems | linux, ubuntu; advisories | CVE-2014-7960, CVE-2015-1856; SHA-256 | 8db03feeaa7eb981bf4b8d968079bfd997f069ce59de6319218290165007e54c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 64 files
Debian 24 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2015-1856

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems