what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 3953-1

Debian Security Advisory 3953-1
Posted Aug 23, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3953-1 - Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows that an authenticated users without a Keystone token with knowledge of trust IDs to perform unspecified authenticated actions by adding alarm actions.

tags | advisory
systems | linux, redhat, debian
advisories | CVE-2017-12440
SHA-256 | b852fd7ecd286f6539eacf7df6220d7b6245d0b7ac2a1d9c823d9d20266e3fc4

Debian Security Advisory 3953-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3953-1 security@debian.org
https://www.debian.org/security/ Luciano Bello
August 23, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : aodh
CVE ID : CVE-2017-12440
Debian Bug : 872605

Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm
engine for OpenStack. Aodh does not verify that the user creating the
alarm is the trustor or has the same rights as the trustor, nor that the
trust is for the same project as the alarm. The bug allows that an
authenticated users without a Keystone token with knowledge of trust IDs
to perform unspecified authenticated actions by adding alarm actions.

For the stable distribution (stretch), this problem has been fixed in
version 3.0.0-4+deb9u1.

We recommend that you upgrade your aodh packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlmd3fYACgkQbsLe9o/+
N3Se8xAAimg7Xo4NfIIGKBctTpzCv5cmxC49w4NqeC37a2uaLPOA3DLU/WV30S13
st+NelwaFHrhE/hXgiWgoGi1p2b2v4Gs/C//NO70qNoXIRePs76+ic7RWAAB9ddI
J7n1CiTUtNisILP6EmhEoOd6kSReCc34jUc7s2YPr0DS0ziEcOJrR8X2SfK621zs
nfxPGMUMBE5+Fk9gOrXz1zCJguGvIQBRnSNQjLf8eFZvva0e2nAulIvq6buvKW2B
9ZftuNHQnpW3/k+1kDZ7FqMTvFsC5gQdEF9c+qmZd54lyb5qWgds9W2Xh3meQZDM
oq64lGSozMcFIfeLLFfCktQfpmxInIHsjT+DK8FnAr3UgGD6zhCJMTNIxP6p+3xB
2Y2z+PUFMumpWNOtb3o/9DEauL1v5BxCTRLr7C0sr0MLdypm6JmH+ASv5FaKN8o4
i9mgabqext57ejKVqOhDGTcZJJB3uN6N8WeOTt/E3bU22kSN9H8BeBX9RHsgVnsF
wehYkH1qEynb+E6dA6o0epMX/Of926PTeUsu+3ipPZWALM/dSvjkwdr+LRjDt8w4
sd5k//1SH9SnUQTiPDrEk2hu/HEj01HGrhh8eJNn9+2Zq7+ZmFUgiPduyFWlEoBk
Ky5zI5NtuTvgW1OjH+GX1tZNc8EPzPDlapB1I+RvCUITQWVtDlQ=
=OTsW
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close