exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2013-1664

Status Candidate

Overview

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

Related Files

Gentoo Linux Security Advisory 201412-11
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.

tags | advisory, remote, arbitrary, x86, vulnerability
systems | linux, gentoo
advisories | CVE-2007-0720, CVE-2007-1536, CVE-2007-2026, CVE-2007-2445, CVE-2007-2741, CVE-2007-3108, CVE-2007-4995, CVE-2007-5116, CVE-2007-5135, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269, CVE-2007-5849, CVE-2010-1205, CVE-2013-0338, CVE-2013-0339, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877, CVE-2014-0160
SHA-256 | 0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087
Gentoo Linux Security Advisory 201311-06
Posted Nov 11, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-6 - Multiple vulnerabilities have been found in libxml2, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.9.1-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2871, CVE-2012-5134, CVE-2013-0338, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877
SHA-256 | 4a661c45126cb28fec4cfaca3ea442365ce97bcf38318f65b028a97746e2ef46
Red Hat Security Advisory 2013-0670-01
Posted Mar 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0670-01 - The Django web framework is used by Horizon, the OpenStack Dashboard, which is a web interface for managing OpenStack services. A denial of service flaw was found in the Extensible Markup Language parser used by Django. A remote attacker could use this flaw to send a specially-crafted request to an Horizon API, causing Horizon to consume an excessive amount of CPU and memory. A flaw was found in the XML parser used by Django. If a remote attacker sent a specially-crafted request to an Horizon API, it could cause Horizon to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Horizon server that are accessible to the user running Horizon.

tags | advisory, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2013-0305, CVE-2013-0306, CVE-2013-1664, CVE-2013-1665
SHA-256 | f43133ae695ecbbd6f834f905823dd891d699fa224d25328a2c8c1c9c98db579
Red Hat Security Advisory 2013-0658-01
Posted Mar 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0658-01 - The openstack-cinder packages provide OpenStack Volume, which provides services to manage and access block storage volumes for use by virtual machine instances. A denial of service flaw was found in the Extensible Markup Language parser used by Cinder. A remote attacker could use this flaw to send a specially-crafted request to a Cinder API, causing Cinder to consume an excessive amount of CPU and memory. A flaw was found in the XML parser used by Cinder. If a remote attacker sent a specially-crafted request to a Cinder API, it could cause Cinder to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Cinder server that are accessible to the user running Cinder.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-1664, CVE-2013-1665
SHA-256 | 685dedeb4a1d9e24e68f572aa40addf6cf297350396926eb9e89d6cf3c150694
Red Hat Security Advisory 2013-0657-01
Posted Mar 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0657-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. A denial of service flaw was found in the Extensible Markup Language parser used by Nova. A remote attacker could use this flaw to send a specially-crafted request to a Nova API, causing Nova to consume an excessive amount of CPU and memory. A flaw was found in the XML parser used by Nova. If a remote attacker sent a specially-crafted request to a Nova API, it could cause Nova to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Nova server that are accessible to the user running Nova.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-1664, CVE-2013-1665
SHA-256 | b588103f41924e1d9554e7745752d1e515b6a95f3de6329a3b36b9ae1c1af1ff
Ubuntu Security Notice USN-1757-1
Posted Mar 8, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1757-1 - James Kettle discovered that Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Although this issue had been previously addressed in USN-1632-1, this update adds additional hardening measures to host header validation. This update also adds a new ALLOWED_HOSTS setting that can be set to a list of acceptable values for headers. Orange Tsai discovered that Django incorrectly performed permission checks when displaying the history view in the admin interface. An administrator could use this flaw to view the history of any object, regardless of intended permissions. Various other issues were also addressed.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1665, CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1664, CVE-2013-1665
SHA-256 | 02719f42729583dd3407a3d30c2eedacc1f12b2e9836c0ea0740e3d9ef6cf3ad
Red Hat Security Advisory 2013-0596-01
Posted Mar 6, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0596-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. The openstack-keystone packages have been upgraded to upstream version 2012.2.3, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following security issues: It was found that Keystone failed to properly validate disabled user accounts, or user accounts associated with disabled tenants or domains, when Amazon Elastic Compute Cloud style credentials were in use. Such users could use this flaw to access resources they should no longer have access to.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-0282, CVE-2013-1664, CVE-2013-1665
SHA-256 | a0eee1f003b97292b07495385b14bac708bd9b7275241a5fd85c12efc5671706
Ubuntu Security Notice USN-1734-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1734-1 - Joshua Harlow discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1664, CVE-2013-1664
SHA-256 | 6d3859f8e73a01c731e048bd1058cbd83ecde2953d41aa5b88921039d3de8376
Ubuntu Security Notice USN-1731-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1731-1 - Stuart Stent discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1664, CVE-2013-1664
SHA-256 | ef9e505dbeaa2ad430eea778d8ab79ad8cdd420cc8284cb9889efcadf8e51957
Ubuntu Security Notice USN-1730-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1730-1 - Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker could exploit this to cause a denial of service via resource exhaustion. Authenticated users could also use this to view arbitrary files on the Keystone server. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-0282, CVE-2013-0282, CVE-2013-1664, CVE-2013-1665
SHA-256 | 40cd9b1218bf350a4f1e6f5441962aa2cec841a1855cb9bd3ea8fb2559367309
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close