Exploit the possiblities
Showing 1 - 2 of 2 RSS Feed

CVE-2015-5251

Status Candidate

Overview

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

Related Files

Ubuntu Security Notice USN-3446-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3446-1 - Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change the status of images, contrary to access restrictions. Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly handled the storage quota. A remote authenticated user could use this issue to consume disk resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-5251, CVE-2015-5286, CVE-2016-0757
MD5 | 9d265aef13db5abb162ce64ac86292f5
Red Hat Security Advisory 2015-1897-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1897-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to reactivate disabled images, bypass storage quotas, and in some cases replace image contents. Setups using the Image service's v1 API could allow the illegal modification of image status. Additionally, setups which also use the v2 API could allow a subsequent re-upload of image contents.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-5251, CVE-2015-5286
MD5 | c340b401e75dc64c304c0f0262ccfdb1
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close