what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2015-7944

Status Candidate

Overview

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.

Related Files

Ganeti Denial Of Service / Information Disclosure
Posted Jan 5, 2016
Authored by Pierre Kim

Ganeti suffers from unauthenticated information disclosure and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
advisories | CVE-2015-7944, CVE-2015-7945
SHA-256 | b366b0e8cdc76ece2a45806306e7e5adc7f7ed618bac49a090623b0b34db5e3c
Debian Security Advisory 3431-1
Posted Jan 1, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3431-1 - Pierre Kim discovered two vulnerabilities in the restful API of Ganeti, a virtual server cluster management tool. SSL parameter negotiation could result in denial of service and the DRBD secret could leak.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-7944, CVE-2015-7945
SHA-256 | a01b455cafe98df2e893e64cd046ef310b011a73d6fce093f20678aa83e07f64
Ganeti Leaked Secret / Denial Of Service
Posted Dec 31, 2015
Authored by Open Source CERT, Daniele Bianco

Ganeti, an open source virtualization manager, suffers from multiple issues in its RESTful control interface (RAPI). The distributed replicated storage (DRBD) secret is leaked by the RAPI interface when job results are requested. Leveraging on the knowledge of this secret, a malicious user who had already gained access to the storage network of the cluster can retrieve instance data more easily and reliably. The RAPI interface is also vulnerable to a denial of service condition, triggered via SSL parameter renegotiation issued by a malicious client. The condition leads to resource exhaustion on the master node. Many versions are affected.

tags | advisory, denial of service
advisories | CVE-2015-7944, CVE-2015-7945
SHA-256 | 4908b0ea745ca775be075350bb329e3afa85d1d65858822a85447b0558240754
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close