what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ganeti Leaked Secret / Denial Of Service

Ganeti Leaked Secret / Denial Of Service
Posted Dec 31, 2015
Authored by Open Source CERT, Daniele Bianco

Ganeti, an open source virtualization manager, suffers from multiple issues in its RESTful control interface (RAPI). The distributed replicated storage (DRBD) secret is leaked by the RAPI interface when job results are requested. Leveraging on the knowledge of this secret, a malicious user who had already gained access to the storage network of the cluster can retrieve instance data more easily and reliably. The RAPI interface is also vulnerable to a denial of service condition, triggered via SSL parameter renegotiation issued by a malicious client. The condition leads to resource exhaustion on the master node. Many versions are affected.

tags | advisory, denial of service
advisories | CVE-2015-7944, CVE-2015-7945
SHA-256 | 4908b0ea745ca775be075350bb329e3afa85d1d65858822a85447b0558240754

Ganeti Leaked Secret / Denial Of Service

Change Mirror Download
#2015-012 Ganeti multiple issues

Description:

Ganeti, an open source virtualization manager, suffers from multiple issues in
its RESTful control interface (RAPI).

The distributed replicated storage (DRBD) secret is leaked by the RAPI
interface when job results are requested. Leveraging on the knowledge of
this secret, a malicious user who had already gained access to the storage
network of the cluster can retrieve instance data more easily and reliably.

The RAPI interface is also vulnerable to a DoS condition, triggered via SSL
parameter renegotiation issued by a malicious client. The condition leads to
resource exhaustion on the master node.

Affected version:

Ganeti <=2.9.6, <=2.10.7, <=2.11.7, <=2.12.5, <=2.13.2, <=2.14.1, <=2.15.1

Fixed version:

Ganeti >=2.9.7, >=2.10.8, >=2.11.8, >=2.12.6, >=2.13.3, >=2.14.2, >=2.15.2

Credit: vulnerability reported by Pierre Kim <pierre [dot] kim [dot] sec [at] gmail [dot] com>.

CVE:

CVE-2015-7944 (DoS), CVE-2015-7945 (DRBD secret leak)

Timeline:

2015-12-21: vulnerability report received
2015-12-24: contacted affected vendors
2015-12-30: advisory release

References:

http://downloads.ganeti.org/releases

Permalink:

http://www.ocert.org/advisories/ocert-2015-012.html

--
Daniele Bianco Open Source Computer Security Incident Response Team
<danbia@ocert.org> http://www.ocert.org

GPG Key 0x9544A497
GPG Key fingerprint = 88A7 43F4 F28F 1B9D 6F2D 4AC5 AE75 822E 9544 A497
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close