4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
51.9%
A flaw exists in Red Hat Gluster Storage’s OpenStack Object Storage (swiftonfile) due to improper enforcement of metadata constraints. An authenticated, remote attacker can exploit this by adding metadata across several separate calls, bypassing the max_meta_count constraint and storing more metadata than the configuration allows, resulting in a denial of service condition.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Runs only when `description` is set: records the plugin's metadata and
# leaves through exit(0), so none of the check logic below this block runs.
if (description)
{
  # Identifiers linking this check to the CVE, Bugtraq entry and Red Hat
  # advisory it covers.
  script_id(86306);
  script_version("2.7");
  script_cvs_date("Date: 2019/10/24 15:35:40");
  script_cve_id("CVE-2014-8177");
  script_bugtraq_id(76979);
  script_xref(name:"RHSA", value:"2015:1845");
  script_name(english:"RHEL 6 : swiftonfile (RHSA-2015:1845)");
  script_summary(english:"Checks the rpm output for the updated packages.");
  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  # The string below spans several lines; its continuation lines stay at
  # column 0 because leading whitespace would become part of the text.
  script_set_attribute(attribute:"description", value:
"A flaw exists in Red Hat Gluster Storage's OpenStack Object Storage
(swiftonfile) due to improper enforcement of metadata constraints. An
authenticated, remote attacker can exploit this, via added metadata in
several separate calls, to bypass the max_meta_count restraint and
store more metadata than allowed by the configuration, resulting in a
denial of service condition.");
  script_set_attribute(attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2015-1845.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-8177.html");
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # Severity as scored by the plugin: network-reachable, low complexity,
  # single authentication, availability impact only (A:P). That matches the
  # denial-of-service wording in the description string above.
  # NOTE(review): the CVSS2 vector displayed with this plugin listing is
  # AV:N/AC:L/Au:S/C:N/I:P/A:N (integrity impact instead of availability).
  # Confirm which rating your triage process should follow.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  # Temporal metrics: exploitability unproven (E:U), official fix available
  # (RL:OF), report confirmed (RC:C); consistent with the two exploit
  # attributes set below.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/10/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/07");
  # "local" plugin type: the verdict comes from package data collected on the
  # host (see the required KB keys below), not from probing the Swift service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:swiftonfile");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
  # KB entries the check reads further down. Presumably they are populated by
  # ssh_get_info.nasl during a credentialed scan; verify against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check phase. Every value used here comes from the scanner's knowledge base
# (KB); the script never contacts the Swift service itself. Each failed
# precondition is reported through audit() with a reason code.

# Local (package-based) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The target has to identify itself as Red Hat Enterprise Linux.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release)
  audit(AUDIT_OS_NOT, "Red Hat Enterprise Linux");

# Pull the numeric release (major, optional minor) out of the release string.
ver_match = eregmatch(string:release, pattern:"Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)");
if (isnull(ver_match))
  audit(AUDIT_UNKNOWN_APP_VER, "Red Hat Enterprise Linux");
os_ver = ver_match[1];

# Only RHEL 6 is in scope. The pattern accepts "6" and "6.<minor>" but not a
# major version that merely starts with the digit 6.
if (!ereg(string:os_ver, pattern:"^6([^0-9]|$)"))
  audit(AUDIT_OS_NOT, "Red Hat Enterprise Linux 6.x", "Red Hat Enterprise Linux " + os_ver);

# Without the collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: x86_64, i386 through i686 and s390 variants only.
# rpm_check() below is called without a cpu argument, so this is the only
# architecture filter applied in this script.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat Enterprise Linux", cpu);

# Version-only test against the reference build swiftonfile-1.13.1-5.el6.
# Presumably rpm_check() flags an installed package older than the reference;
# the comparison lives in rpm.inc, so confirm there. A finding says nothing
# about how max_meta_count is configured or whether the service is exposed.
vuln_found = 0;
if (rpm_check(release:"RHEL6", reference:"swiftonfile-1.13.1-5.el6"))
  vuln_found++;

if (!vuln_found)
{
  # Nothing flagged: distinguish "package checked and not affected" from
  # "package not installed" so the audit trail shows what was evaluated.
  pkgs_checked = pkg_tests_get();
  if (pkgs_checked)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, pkgs_checked);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "swiftonfile");
}
else
{
  # Report the finding; the rpm comparison detail is attached only when the
  # scan's report verbosity is above 0.
  if (report_verbosity > 0)
    security_warning(port:0, extra:rpm_report_get());
  else
    security_warning(0);
  exit(0);
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | swiftonfile | p-cpe:/a:redhat:enterprise_linux:swiftonfile |
redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
51.9%