Showing 1 - 1 of 1

CVE-2012-2654

Status Candidate

Overview

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

Related Files

Ubuntu Security Notice USN-1466-1: Posted Jun 6, 2012; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1466-1 - It was discovered that, when defining security groups in Nova using the EC2 or OS APIs, specifying the network protocol (e.g. 'TCP') in the incorrect case would cause the security group to not be applied correctly. An attacker could use this to bypass Nova security group restrictions.; tags | advisory, tcp, protocol; systems | linux, ubuntu; advisories | CVE-2012-2654; SHA-256 | aaa802033fd02ad4127bca32ff6245611c268e7f7d2b90b51e38b75b80cefe1e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

CVE-2012-2654

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems