Twenty Year Anniversary
Showing 1 - 2 of 2 RSS Feed

CVE-2015-5251

Status Candidate

Overview

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

Related Files

Ubuntu Security Notice USN-3446-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3446-1 - Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change the status of images, contrary to access restrictions. Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly handled the storage quota. A remote authenticated user could use this issue to consume disk resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-5251, CVE-2015-5286, CVE-2016-0757
MD5 | 9d265aef13db5abb162ce64ac86292f5
Red Hat Security Advisory 2015-1897-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1897-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to reactivate disabled images, bypass storage quotas, and in some cases replace image contents. Setups using the Image service's v1 API could allow the illegal modification of image status. Additionally, setups which also use the v2 API could allow a subsequent re-upload of image contents.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-5251, CVE-2015-5286
MD5 | c340b401e75dc64c304c0f0262ccfdb1
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    8 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close