exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2016-9185

Status Candidate

Overview

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.

Related Files

Red Hat Security Advisory 2017-1464-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1464-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. Security Fix: An access-control flaw was found in the OpenStack Orchestration service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9185, CVE-2017-2621
SHA-256 | 032897eb15d698c8daa35ba0177016310243178df03d3361756976b5661ecd82
Red Hat Security Advisory 2017-1456-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1456-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. The following packages have been upgraded to a later upstream version: openstack-heat. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9185
SHA-256 | d0740cd74ad5628e329937a494fb751c4dcbd790e6e89f1a3891ce93e37c7fff
Red Hat Security Advisory 2017-1450-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1450-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. Security Fix: An information-leak vulnerability was found in the OpenStack Orchestration service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2016-9185
SHA-256 | f7f622210474ce153a11a6d76c433aa12351b2c15b6aa104dd851b9dd8d60d43
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close