CVE-2014-4615

Related Files

Ubuntu Security Notice USN-2321-1

Posted Aug 21, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2321-1 - Liping Mao discovered that OpenStack Neutron did not properly handle requests for a large number of allowed address pairs. A remote authenticated attacker could exploit this to cause a denial of service. Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Various other issues were also addressed.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2014-3555, CVE-2014-4615

SHA-256 | 5b7b6a9f75cfd520067e6ce6a174281f6d497b3744e0c37c37a61dd014f8632f

Download | Favorite | View

Ubuntu Security Notice USN-2311-2

Posted Aug 21, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2311-2 - USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Various other issues were also addressed.

tags | advisory, vulnerability

systems | linux, ubuntu

advisories | CVE-2014-4615

SHA-256 | ad7b0e30b51d9f8a5abbb08b6f790464b6327d5cce37067210a3bd846815e2be

Download | Favorite | View

Red Hat Security Advisory 2014-1050-01

Posted Aug 14, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1050-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection; this data is stored in a database and presented via the REST API. In addition, Telemetry's extensible design means it can be optionally extended to gather customized data sets. It was found that authentication tokens were not properly sanitized from the message queue by the notifier middleware. An attacker with read access to the message queue could possibly use this flaw to intercept an authentication token and gain elevated privileges. Note that all services using the notifier middleware configured after the auth_token middleware pipeline were affected.

tags | advisory

systems | linux, redhat

advisories | CVE-2014-4615

SHA-256 | cb9a2c571fca82c415ce3eb267afabaf89e98f4dea867dffa975e61279670ce0

Download | Favorite | View

Ubuntu Security Notice USN-2311-1

Posted Aug 11, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2311-1 - Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests.

tags | advisory

systems | linux, ubuntu

advisories | CVE-2014-4615

SHA-256 | 105241bbb753224508871fe229922a8e366df3ce2dae5a0022eeaa4c5a037445

Download | Favorite | View