Debian Security Advisory DSA 2737-1 (swift - several vulnerabilities)

2013-08-12T00:00:00
ID OPENVAS:1361412562310892737
Type openvas
Reporter Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net
Modified 2019-03-18T00:00:00

Description

Several vulnerabilities have been discovered in Swift, the Openstack object storage. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-2161 Alex Gaynor from Rackspace reported a vulnerability in XML handling within Swift account servers. Account strings were unescaped in xml listings, and an attacker could potentially generate unparsable or arbitrary XML responses which may be used to leverage other vulnerabilities in the calling software.

CVE-2013-4155 Peter Portante from Red Hat reported a vulnerability in Swift. By issuing requests with an old X-Timestamp value, an authenticated attacker can fill an object server with superfluous object tombstones, which may significantly slow down subsequent requests to that object server, facilitating a Denial of Service attack against Swift clusters.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: deb_2737.nasl 14276 2019-03-18 14:43:56Z cfischer $
# Auto-generated from advisory DSA 2737-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.892737");
  script_version("$Revision: 14276 $");
  script_cve_id("CVE-2013-2161", "CVE-2013-4155");
  script_name("Debian Security Advisory DSA 2737-1 (swift - several vulnerabilities)");
  script_tag(name:"last_modification", value:"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $");
  script_tag(name:"creation_date", value:"2013-08-12 00:00:00 +0200 (Mon, 12 Aug 2013)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_xref(name:"URL", value:"http://www.debian.org/security/2013/dsa-2737.html");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB7");
  script_tag(name:"affected", value:"swift on Debian Linux");
  script_tag(name:"solution", value:"For the stable distribution (wheezy), these problems have been fixed in
version 1.4.8-2+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.8.0-6.

We recommend that you upgrade your swift packages.");
  script_tag(name:"summary", value:"Several vulnerabilities have been discovered in Swift, the Openstack
object storage. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2013-2161
Alex Gaynor from Rackspace reported a vulnerability in XML
handling within Swift account servers. Account strings were
unescaped in xml listings, and an attacker could potentially
generate unparsable or arbitrary XML responses which may be
used to leverage other vulnerabilities in the calling software.

CVE-2013-4155
Peter Portante from Red Hat reported a vulnerability in Swift.
By issuing requests with an old X-Timestamp value, an
authenticated attacker can fill an object server with superfluous
object tombstones, which may significantly slow down subsequent
requests to that object server, facilitating a Denial of Service
attack against Swift clusters.");
  script_tag(name:"vuldetect", value:"This check tests the installed software version using the apt package manager.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if((res = isdpkgvuln(pkg:"python-swift", ver:"1.4.8-2+deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"swift", ver:"1.4.8-2+deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"swift-account", ver:"1.4.8-2+deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"swift-container", ver:"1.4.8-2+deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"swift-doc", ver:"1.4.8-2+deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"swift-object", ver:"1.4.8-2+deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"swift-proxy", ver:"1.4.8-2+deb7u1", rls:"DEB7")) != NULL) {
  report += res;
}

if(report != "") {
  security_message(data:report);
} else if(__pkg_match) {
  exit(99);
}