exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2013-1664

Status Candidate

Overview

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

Related Files

Gentoo Linux Security Advisory 201412-11
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.

tags | advisory, remote, arbitrary, x86, vulnerability
systems | linux, gentoo
advisories | CVE-2007-0720, CVE-2007-1536, CVE-2007-2026, CVE-2007-2445, CVE-2007-2741, CVE-2007-3108, CVE-2007-4995, CVE-2007-5116, CVE-2007-5135, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269, CVE-2007-5849, CVE-2010-1205, CVE-2013-0338, CVE-2013-0339, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877, CVE-2014-0160
SHA-256 | 0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087
Gentoo Linux Security Advisory 201311-06
Posted Nov 11, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-6 - Multiple vulnerabilities have been found in libxml2, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.9.1-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2871, CVE-2012-5134, CVE-2013-0338, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877
SHA-256 | 4a661c45126cb28fec4cfaca3ea442365ce97bcf38318f65b028a97746e2ef46
Red Hat Security Advisory 2013-0670-01
Posted Mar 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0670-01 - The Django web framework is used by Horizon, the OpenStack Dashboard, which is a web interface for managing OpenStack services. A denial of service flaw was found in the Extensible Markup Language parser used by Django. A remote attacker could use this flaw to send a specially-crafted request to an Horizon API, causing Horizon to consume an excessive amount of CPU and memory. A flaw was found in the XML parser used by Django. If a remote attacker sent a specially-crafted request to an Horizon API, it could cause Horizon to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Horizon server that are accessible to the user running Horizon.

tags | advisory, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2013-0305, CVE-2013-0306, CVE-2013-1664, CVE-2013-1665
SHA-256 | f43133ae695ecbbd6f834f905823dd891d699fa224d25328a2c8c1c9c98db579
Red Hat Security Advisory 2013-0658-01
Posted Mar 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0658-01 - The openstack-cinder packages provide OpenStack Volume, which provides services to manage and access block storage volumes for use by virtual machine instances. A denial of service flaw was found in the Extensible Markup Language parser used by Cinder. A remote attacker could use this flaw to send a specially-crafted request to a Cinder API, causing Cinder to consume an excessive amount of CPU and memory. A flaw was found in the XML parser used by Cinder. If a remote attacker sent a specially-crafted request to a Cinder API, it could cause Cinder to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Cinder server that are accessible to the user running Cinder.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-1664, CVE-2013-1665
SHA-256 | 685dedeb4a1d9e24e68f572aa40addf6cf297350396926eb9e89d6cf3c150694
Red Hat Security Advisory 2013-0657-01
Posted Mar 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0657-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. A denial of service flaw was found in the Extensible Markup Language parser used by Nova. A remote attacker could use this flaw to send a specially-crafted request to a Nova API, causing Nova to consume an excessive amount of CPU and memory. A flaw was found in the XML parser used by Nova. If a remote attacker sent a specially-crafted request to a Nova API, it could cause Nova to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Nova server that are accessible to the user running Nova.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-1664, CVE-2013-1665
SHA-256 | b588103f41924e1d9554e7745752d1e515b6a95f3de6329a3b36b9ae1c1af1ff
Ubuntu Security Notice USN-1757-1
Posted Mar 8, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1757-1 - James Kettle discovered that Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Although this issue had been previously addressed in USN-1632-1, this update adds additional hardening measures to host header validation. This update also adds a new ALLOWED_HOSTS setting that can be set to a list of acceptable values for headers. Orange Tsai discovered that Django incorrectly performed permission checks when displaying the history view in the admin interface. An administrator could use this flaw to view the history of any object, regardless of intended permissions. Various other issues were also addressed.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1665, CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1664, CVE-2013-1665
SHA-256 | 02719f42729583dd3407a3d30c2eedacc1f12b2e9836c0ea0740e3d9ef6cf3ad
Red Hat Security Advisory 2013-0596-01
Posted Mar 6, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0596-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. The openstack-keystone packages have been upgraded to upstream version 2012.2.3, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following security issues: It was found that Keystone failed to properly validate disabled user accounts, or user accounts associated with disabled tenants or domains, when Amazon Elastic Compute Cloud style credentials were in use. Such users could use this flaw to access resources they should no longer have access to.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-0282, CVE-2013-1664, CVE-2013-1665
SHA-256 | a0eee1f003b97292b07495385b14bac708bd9b7275241a5fd85c12efc5671706
Ubuntu Security Notice USN-1734-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1734-1 - Joshua Harlow discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1664, CVE-2013-1664
SHA-256 | 6d3859f8e73a01c731e048bd1058cbd83ecde2953d41aa5b88921039d3de8376
Ubuntu Security Notice USN-1731-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1731-1 - Stuart Stent discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1664, CVE-2013-1664
SHA-256 | ef9e505dbeaa2ad430eea778d8ab79ad8cdd420cc8284cb9889efcadf8e51957
Ubuntu Security Notice USN-1730-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1730-1 - Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker could exploit this to cause a denial of service via resource exhaustion. Authenticated users could also use this to view arbitrary files on the Keystone server. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-0282, CVE-2013-0282, CVE-2013-1664, CVE-2013-1665
SHA-256 | 40cd9b1218bf350a4f1e6f5441962aa2cec841a1855cb9bd3ea8fb2559367309
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close