exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2013-6491

Status Candidate

Overview

CVE-2013-6491 Openstack nova: qpid SSL configuration

Related Files

Ubuntu Security Notice USN-2247-1
Posted Jun 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2247-1 - Darragh O'Reilly discovered that OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. Bernhard M. Wiedemann and Pedraig Brady discovered that OpenStack Nova did not properly verify the virtual size of a QCOW2 images. A remote authenticated attacker could exploit this to create a denial of service via disk consumption. This issue did not affect Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1068, CVE-2013-4463, CVE-2013-4469, CVE-2013-6491, CVE-2013-7130, CVE-2014-0134, CVE-2014-0167
SHA-256 | c061c326f8e2fd51cf3da4f0196f40f3e8ce883bba777d9e41fe4665ea5c141a
Ubuntu Security Notice USN-2208-2
Posted May 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2208-2 - USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update provides the corresponding updates for OpenStack Quantum. JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubuntu does not use QPid with Nova by default. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-6491
SHA-256 | d0d5156d5df85a3712f3a696f3471fd131bc63c5a190a82aa2f593f624ebb58d
Ubuntu Security Notice USN-2208-1
Posted May 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2208-1 - JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubuntu does not use QPid with Nova by default.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-6491
SHA-256 | 53acf4004418f2da4a2339679b5b8960dea74b9702a0c8eb99b88eef60eba10e
Red Hat Security Advisory 2014-0112-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0112-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. It was discovered that enabling "qpid_protocol = ssl" in the nova.conf file did not result in nova using SSL to communicate to Qpid. If Qpid was not configured to enforce SSL this could lead to sensitive information being sent unencrypted over the communication channel. A flaw was found in the way OpenStack Compute controlled the size of disk images. An authenticated remote user could use malicious compressed qcow2 disk images to consume large amounts of disk space, potentially causing a denial of service on the OpenStack Compute nodes.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4463, CVE-2013-6491
SHA-256 | a9c329772cd7af8395cafb1ec06bc13482d54fac734c4e696e1724b928aaabec
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close