CVE-2015-5223

Related Files

Ubuntu Security Notice USN-3451-1

Posted Oct 12, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3451-1 - It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. Romain Le Disez and Arjan Persson discovered that OpenStack Swift incorrectly closed client connections. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2015-5223, CVE-2016-0737, CVE-2016-0738

SHA-256 | 70e90fd9f9d13513b72ce23eb9a5afc5589f7b785f6e14f8d84470b767224214

Download | Favorite | View

Red Hat Security Advisory 2015-1895-01

Posted Oct 16, 2015

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1895-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to deployment in multiple data centers. A flaw was found in the OpenStack Object storage service tempurls. An attacker in possession of a tempurl key with PUT permissions may be able to gain read access to other objects in the same project.

tags | advisory

systems | linux, redhat

advisories | CVE-2015-5223

SHA-256 | f0e4d2424ab41334efcd6f2450c53f117a6194181820d4883c228aa2b84e6bbe

Download | Favorite | View