Information Security


Multiple security vulnerabilities in PolarSSL
Published: October 28, 2013
Source: SecurityVulns ID: 13381
Type: remote
Severity: 5/10
Description: DoS, buffer overflow, timing attacks.
Affected products: POLARSSL : PolarSSL 1.2
CVE:CVE-2013-5915 (The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.)
 CVE-2013-5914 (Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.)
 CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.)
Original text: DEBIAN, [SECURITY] [DSA 2782-1] polarssl security update (28.10.2013)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
updated since October 27, 2013
Published: October 28, 2013
Source: SecurityVulns ID: 13369
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: BUGZILLA : Bugzilla 4.4
 WORDPRESS : Cart66 1.5
 UPLOADIFY : Uploadify 3.2
 WEBCOLLAB : WebCollab 3.30
 MODX : MODx 2.2
 ZIKULA : Zikula CMS 1.3
 DORNCMS : DornCMS 1.4
 ZAPMS : ZAPms 1.42
 SYMANTEC : Workspace Streaming 7.5
 GUPPY : GuppY 4.6
 APACHE : Shindig PHP 2.5
CVE:CVE-2013-5983 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) "an" parameter to agenda.php or (2) cat parameter to mobile/thread.php.)
 CVE-2013-5978
 CVE-2013-5977 (Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.)
 CVE-2013-4295 (The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
 CVE-2013-2652 (CRLF injection vulnerability in help/help_language.php in WebCollab 3.30 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the item parameter.)
 CVE-2013-1743 (Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.)
 CVE-2013-1742 (Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter.)
 CVE-2013-1734 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action.)
 CVE-2013-1733 (Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token.)
Original text: APACHE, [CVE-2013-4295] Apache Shindig information disclosure vulnerability (28.10.2013)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in GuppY (28.10.2013)
 rgod, Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution (28.10.2013)
 jsibley1_(at)_gmail.com, Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities (27.10.2013)
 Vulnerability Lab, ZAPms v1.42 CMS - Client Side Cross Site Scripting Web Vulnerability (27.10.2013)
 Vulnerability Lab, DornCMS Application v1.4 - Multiple Web Vulnerabilities (27.10.2013)
 LpSolit_(at)_gmail.com, Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11 (27.10.2013)
 Vulnerability Lab, Zikula CMS v1.3.5 - Multiple Web Vulnerabilities (27.10.2013)
 iedb.team_(at)_gmail.com, Wordpress videowall Plugin Xss vulnerabilities (27.10.2013)
 advisories_(at)_enkomio.com, [SOJOBO-ADV-13-02] - MODx 2.2.10 Reflected Cross Site Scripting (27.10.2013)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30 (27.10.2013)
 MustLive, AFU and IL vulnerabilities in Uploadify (27.10.2013)
 X-Cisadane, WebTester 5.x Multiple Vulnerabilities (27.10.2013)

Multiple security vulnerabilities in Librack
Published: October 28, 2013
Source: SecurityVulns ID: 13370
Type: library
Severity: 5/10
Description: DoS, code execution.
Affected products: RUBY : rack 1.5
CVE:CVE-2013-0263 (Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.)
 CVE-2013-0184 (Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings.")
 CVE-2013-0183 (multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.)
 CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.)
Original text: DEBIAN, [SECURITY] [DSA 2783-2] librack-ruby regression update (28.10.2013)

Symlink problem in Suds
Published: October 28, 2013
Source: SecurityVulns ID: 13371
Type: local
Severity: 4/10
Description: Symlink problem when creating temporary files.
Affected products: PYTHON : Suds 0.4
CVE:CVE-2013-2217 (cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.)
Original text: UBUNTU, [USN-2008-1] Suds vulnerability (28.10.2013)

Weak permissions in Apport
Published: October 28, 2013
Source: SecurityVulns ID: 13372
Type: local
Severity: 4/10
Description: Weak permissions when creating dump files.
Affected products: APPORT : Apport 2.12
CVE:CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.)
Original text: UBUNTU, [USN-2007-1] Apport vulnerability (28.10.2013)

Cross-site scripting in CA SiteMinder
Published: October 28, 2013
Source: SecurityVulns ID: 13373
Type: remote
Severity: 5/10
Affected products: CA : SiteMinder 12.51
CVE:CVE-2013-5968 (Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.)
Original text: CA, CA20131024-01: Security Notice for CA SiteMinder (28.10.2013)

Authentication bypass in RSA Authentication Agent
Published: October 28, 2013
Source: SecurityVulns ID: 13375
Type: remote
Severity: 5/10
Description: Protection bypass on agent failure.
Affected products: EMC : RSA Authentication Agent 7.1
CVE:CVE-2013-3280 (EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash.)
Original text: EMC, ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability (28.10.2013)

Uninitialized memory access in Mozilla nss
Published: October 28, 2013
Source: SecurityVulns ID: 13376
Type: library
Severity: 5/10
Description: Uninitialized memory access during decoding.
Affected products: MOZILLA : nss 3.15
CVE:CVE-2013-1739 (Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.)
Original text: MANDRIVA, [ MDVSA-2013:257 ] nss (28.10.2013)

Use-after-free in X.Org
Published: October 28, 2013
Source: SecurityVulns ID: 13377
Type: library
Severity: 7/10
Description: Use-after-free in the ImageText request.
Affected products: XORG : X.Org X11 1.14
CVE:CVE-2013-4396 (Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.)
 CVE-2013-1056 (X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.)
Original text: DEBIAN, [SECURITY] [DSA 2784-1] xorg-server security update (28.10.2013)

Multiple security vulnerabilities in Cisco Identity Services Engine
Published: October 28, 2013
Source: SecurityVulns ID: 13378
Type: remote
Severity: 6/10
Description: Code execution, authentication bypass.
Affected products: CISCO : Cisco Identity Services Engine 1.2
CVE:CVE-2013-5531 (Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.)
 CVE-2013-5530 (The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.)
 CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.)
Files: Multiple Vulnerabilities in Cisco Identity Services Engine
 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products

Code execution in NetGear ReadyNAS
Published: October 28, 2013
Source: SecurityVulns ID: 13379
Type: remote
Severity: 5/10
Description: Command injection in the web interface.
Affected products: NETGEAR : ReadyNAS 4.2
CVE:CVE-2013-2752 (Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.)
 CVE-2013-2751 (Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow.")
Original text: vuln-report_(at)_secur3.us, [CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root (28.10.2013)

Multiple security vulnerabilities in the Linux kernel
updated since September 9, 2013
Published: October 28, 2013
Source: SecurityVulns ID: 13265
Type: local
Severity: 6/10
Description: DoS conditions, privilege escalation, information leakage.
Affected products: LINUX : kernel 2.6
 LINUX : kernel 3.2
 LINUX : kernel 3.5
 LINUX : kernel 3.8
CVE:CVE-2013-4300 (The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.)
 CVE-2013-4254 (The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.)
 CVE-2013-4205 (Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call.)
 CVE-2013-4163 (The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.)
 CVE-2013-4162 (The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.)
 CVE-2013-2899 (drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.)
 CVE-2013-2898 (drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.)
 CVE-2013-2896 (drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.)
 CVE-2013-2892 (drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.)
 CVE-2013-2888 (Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.)
 CVE-2013-2851 (Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.)
 CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.)
 CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.)
 CVE-2013-2206 (The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.)
 CVE-2013-2164 (The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.)
 CVE-2013-2140 (The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.)
 CVE-2013-1943 (The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.)
 CVE-2013-1819 (The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map.)
 CVE-2013-1060 (A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows local users to gain privileges by leveraging control over the buildd account.)
 CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.)
 CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.)
 CVE-2012-5375 (The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.)
 CVE-2012-5374 (The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.)
Original text: UBUNTU, [USN-1998-1] Linux kernel vulnerabilities (28.10.2013)
 Linux Kernel Patches For Linux Kernel Security, Linux Kernel Patches For Linux Kernel Security (01.10.2013)
 UBUNTU, [USN-1974-1] Linux kernel vulnerabilities (01.10.2013)
 UBUNTU, [USN-1968-1] Linux kernel vulnerabilities (01.10.2013)
 UBUNTU, [USN-1976-1] Linux kernel vulnerabilities (01.10.2013)
 UBUNTU, [USN-1939-1] Linux kernel vulnerabilities (09.09.2013)
 UBUNTU, [USN-1944-1] Linux kernel vulnerabilities (09.09.2013)

XSS in Watchguard Server Center
Published: October 28, 2013
Source: SecurityVulns ID: 13380
Type: remote
Severity: 5/10
Description: Multiple cross-site scripting possibilities.
Affected products: WATCHGUARD : Watchguard Server Center 11.7
CVE:CVE-2013-5702 (Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.)
Original text: Julien Ahrens, [CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities (28.10.2013)

Multiple security vulnerabilities in OpenStack
updated since October 28, 2013
Published: December 23, 2013
Source: SecurityVulns ID: 13374
Type: library
Severity: 7/10
Description: Information leakage, DoS.
Affected products: OPENSTACK : Nova 2013.1
 OPENSTACK : Cinder 2013.1
 OPENSTACK : glanceclient 0.9
 OPENSTACK : Glance 2013.1
 OPENSTACK : Keystone 2013.1
 OPENSTACK : Swift 1.8
 OPENSTACK : Horizon 2013.2
 OPENSTACK : Keystone 2013.2
CVE:CVE-2013-6858 (Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.)
 CVE-2013-6391 (The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.)
 CVE-2013-4477 (The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.)
 CVE-2013-4428 (OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.)
 CVE-2013-4294 (The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.)
 CVE-2013-4278 (The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.)
 CVE-2013-4261 (OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.)
 CVE-2013-4222 (OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.)
 CVE-2013-4202 (The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.)
 CVE-2013-4185 (Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.)
 CVE-2013-4183 (The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.)
 CVE-2013-4179 (The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.)
 CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.)
 CVE-2013-4111 (The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
 CVE-2013-2256 (OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.)
Original text: UBUNTU, [USN-2062-1] OpenStack Horizon vulnerability (23.12.2013)
 UBUNTU, [USN-2061-1] OpenStack Keystone vulnerability (23.12.2013)
 UBUNTU, [USN-2034-1] OpenStack Keystone vulnerability (26.11.2013)
 UBUNTU, [USN-2001-1] Swift vulnerability (28.10.2013)
 UBUNTU, [USN-2000-1] Nova vulnerabilities (28.10.2013)
 UBUNTU, [USN-2002-1] Keystone vulnerabilities (28.10.2013)
 UBUNTU, [USN-2003-1] Glance vulnerability (28.10.2013)
 UBUNTU, [USN-2004-1] python-glanceclient vulnerability (28.10.2013)
 UBUNTU, [USN-2005-1] Cinder vulnerabilities (28.10.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod