what you don't know can hurt you
Showing 1 - 10 of 10 RSS Feed

CVE-2013-1664

Status Candidate

Overview

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

Related Files

Gentoo Linux Security Advisory 201412-11
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.

tags | advisory, remote, arbitrary, x86, vulnerability
systems | linux, gentoo
advisories | CVE-2007-0720, CVE-2007-1536, CVE-2007-2026, CVE-2007-2445, CVE-2007-2741, CVE-2007-3108, CVE-2007-4995, CVE-2007-5116, CVE-2007-5135, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269, CVE-2007-5849, CVE-2010-1205, CVE-2013-0338, CVE-2013-0339, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877, CVE-2014-0160
MD5 | 79d42811d0d77f411edfda4a318d5bb6
Gentoo Linux Security Advisory 201311-06
Posted Nov 11, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-6 - Multiple vulnerabilities have been found in libxml2, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.9.1-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2871, CVE-2012-5134, CVE-2013-0338, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877
MD5 | a066a83da5ac5a1f1cf9568ae1f62b6f
Red Hat Security Advisory 2013-0670-01
Posted Mar 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0670-01 - The Django web framework is used by Horizon, the OpenStack Dashboard, which is a web interface for managing OpenStack services. A denial of service flaw was found in the Extensible Markup Language parser used by Django. A remote attacker could use this flaw to send a specially-crafted request to an Horizon API, causing Horizon to consume an excessive amount of CPU and memory. A flaw was found in the XML parser used by Django. If a remote attacker sent a specially-crafted request to an Horizon API, it could cause Horizon to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Horizon server that are accessible to the user running Horizon.

tags | advisory, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2013-0305, CVE-2013-0306, CVE-2013-1664, CVE-2013-1665
MD5 | 49537345135999b8af310a8ec3b69681
Red Hat Security Advisory 2013-0658-01
Posted Mar 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0658-01 - The openstack-cinder packages provide OpenStack Volume, which provides services to manage and access block storage volumes for use by virtual machine instances. A denial of service flaw was found in the Extensible Markup Language parser used by Cinder. A remote attacker could use this flaw to send a specially-crafted request to a Cinder API, causing Cinder to consume an excessive amount of CPU and memory. A flaw was found in the XML parser used by Cinder. If a remote attacker sent a specially-crafted request to a Cinder API, it could cause Cinder to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Cinder server that are accessible to the user running Cinder.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-1664, CVE-2013-1665
MD5 | 4f7cf0c592ceed63da3cbe6b27be14f6
Red Hat Security Advisory 2013-0657-01
Posted Mar 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0657-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. A denial of service flaw was found in the Extensible Markup Language parser used by Nova. A remote attacker could use this flaw to send a specially-crafted request to a Nova API, causing Nova to consume an excessive amount of CPU and memory. A flaw was found in the XML parser used by Nova. If a remote attacker sent a specially-crafted request to a Nova API, it could cause Nova to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Nova server that are accessible to the user running Nova.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-1664, CVE-2013-1665
MD5 | 647003e0557ef67bbe03b2eee2c7fa31
Ubuntu Security Notice USN-1757-1
Posted Mar 8, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1757-1 - James Kettle discovered that Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Although this issue had been previously addressed in USN-1632-1, this update adds additional hardening measures to host header validation. This update also adds a new ALLOWED_HOSTS setting that can be set to a list of acceptable values for headers. Orange Tsai discovered that Django incorrectly performed permission checks when displaying the history view in the admin interface. An administrator could use this flaw to view the history of any object, regardless of intended permissions. Various other issues were also addressed.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1665, CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1664, CVE-2013-1665
MD5 | 87e3a12e74a5e44e819568675aa4d16a
Red Hat Security Advisory 2013-0596-01
Posted Mar 6, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0596-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. The openstack-keystone packages have been upgraded to upstream version 2012.2.3, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following security issues: It was found that Keystone failed to properly validate disabled user accounts, or user accounts associated with disabled tenants or domains, when Amazon Elastic Compute Cloud style credentials were in use. Such users could use this flaw to access resources they should no longer have access to.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-0282, CVE-2013-1664, CVE-2013-1665
MD5 | 3a3ef6ca92bb67d86abefe8097565289
Ubuntu Security Notice USN-1734-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1734-1 - Joshua Harlow discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1664, CVE-2013-1664
MD5 | f29d2fc0cb6a8f344122d760117ea516
Ubuntu Security Notice USN-1731-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1731-1 - Stuart Stent discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1664, CVE-2013-1664
MD5 | 87b2c3da2ac42799c8a3f87112a0f5be
Ubuntu Security Notice USN-1730-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1730-1 - Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker could exploit this to cause a denial of service via resource exhaustion. Authenticated users could also use this to view arbitrary files on the Keystone server. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-0282, CVE-2013-0282, CVE-2013-1664, CVE-2013-1665
MD5 | cd70e65f3dddaf97759c9f738f4cd4a1
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close