7799 matches found

Fedora
added 2013/12/28 11:38 p.m. · 35 views

[SECURITY] Fedora 20 Update: openstack-keystone-2013.2.1-1.fc20

Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. This package contains the Keystone daemon...

5.8 CVSS · 6.4 AI score · 0.02239 EPSS
Exploits: 3
NVD
added 2013/12/27 1:55 a.m. · 22 views

CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

2.1 CVSS · 6.1 AI score · 0.00238 EPSS
Exploits: 0 · References: 5
PyPA
added 2013/12/27 1:55 a.m. · 6 views

PYSEC-2013-45

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

2.1 CVSS · 6.6 AI score · 0.00238 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
Prion
added 2013/12/27 1:55 a.m. · 19 views

Directory traversal

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

2.1 CVSS · 6.5 AI score · 0.00238 EPSS
Exploits: 0 · References: 5 · Affected Software: 3
OSV
added 2013/12/27 1:55 a.m. · 3 views

PYSEC-2013-45

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

6.8 AI score
Exploits: 0 · References: 5
Cvelist
added 2013/12/27 1:0 a.m. · 30 views

CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

5.9 AI score · 0.00238 EPSS
Exploits: 0 · References: 5
CVE
added 2013/12/27 1:0 a.m. · 54 views

CVE-2013-2030

CVE-2013-2030 affects OpenStack Nova (keystone/middleware/auth_token.py) in Folsom, Grizzly, and Havana. It uses an insecure temporary directory to store signing certificates, enabling local users to spoof servers by pre-creating the directory (e.g., /tmp/keystone-signing-nova on Fedora). Several...

2.1 CVSS · 6.1 AI score · 0.00238 EPSS
Exploits: 0 · References: 5 · Affected Software: 4
Debian CVE
added 2013/12/27 1:0 a.m. · 27 views

CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

2.1 CVSS · 6 AI score · 0.00238 EPSS
Exploits: 0
NVD
added 2013/12/24 6:55 p.m. · 17 views

CVE-2013-6795

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...

9.3 CVSS · 7.5 AI score · 0.05343 EPSS
Exploits: 1 · References: 7
Prion
added 2013/12/24 6:55 p.m. · 10 views

Design/Logic Flaw

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...

9.3 CVSS · 7.9 AI score · 0.05343 EPSS
Exploits: 1 · References: 7 · Affected Software: 1
CVE
added 2013/12/24 6:0 p.m. · 179 views

CVE-2013-6795

CVE-2013-6795 affects Rackspace OpenStack Windows Guest Agent for XenServer prior to 1.2.6.0. The Updater accepts a serialized .NET object over TCP port 1984, triggering download and extraction of a ZIP that overwrites the Agent binary, enabling remote code execution. Impact: remote arbitrary cod...

9.3 CVSS · 7.8 AI score · 0.05343 EPSS
Exploits: 1 · References: 7 · Affected Software: 1
Cvelist
added 2013/12/24 6:0 p.m. · 25 views

CVE-2013-6795

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...

7.5 AI score · 0.05343 EPSS
Exploits: 1 · References: 7
Positive Technologies
added 2013/12/24 12:0 a.m. · 5 views

PT-2013-6113 · Rackspace · Rackspace Openstack Windows Guest Agent

Name of the Vulnerable Software and Affected Versions: Rackspace Openstack Windows Guest Agent for XenServer versions prior to 1.2.6.0 Description: The issue allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984. This triggers the download and...

9.3 CVSS · 7.5 AI score · 0.05343 EPSS
Exploits: 1 · References: 8
securityvulns
added 2013/12/23 12:0 a.m. · 52 views

OpenStack multiple security vulnerabilities

DoS, information leakage...

6.5 CVSS · 2.3 AI score · 0.03082 EPSS
Exploits: 12 · References: 9 · Affected Software: 7
securityvulns
added 2013/12/23 12:0 a.m. · 83 views

[USN-2062-1] OpenStack Horizon vulnerability

Ubuntu Security Notice USN-2062-1 December 20, 2013 horizon vulnerability A security issue affects these releases of Ubuntu and its derivatives: -...

1.9 CVSS · 5.3 AI score · 0.01734 EPSS
Exploits: 0
Ubuntu
added 2013/12/20 2:5 a.m. · 57 views

USN-2062-1: OpenStack Horizon vulnerability

Chris Chapman discovered cross-site scripting (XSS) vulnerabilities in Horizon via the Volumes and Network Topology pages. An authenticated attacker could exploit these to conduct stored cross-site scripting (XSS) attacks against users viewing these pages in order to modify the contents or steal...

4.3 CVSS · 5 AI score · 0.01734 EPSS
Exploits: 0
Ubuntu
added 2013/12/19 10:34 p.m. · 72 views

USN-2061-1: OpenStack Keystone vulnerability

Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor's roles...

5.8 CVSS · 5.3 AI score · 0.02239 EPSS
Exploits: 2
OpenVAS
added 2013/12/17 12:0 a.m. · 45 views

Fedora Update for openstack-nova FEDORA-2013-22693

Check for the Version of openstack-nova OpenVAS Vulnerability Test Fedora Update for openstack-nova FEDORA-2013-22693 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

3.5 CVSS · 0.01738 EPSS
Exploits: 3 · References: 2
OpenVAS
added 2013/12/17 12:0 a.m. · 30 views

Fedora Update for openstack-nova FEDORA-2013-22693

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.5 CVSS · 6.4 AI score · 0.01738 EPSS
Exploits: 2 · References: 2
seebug.org
added 2013/12/16 12:0 a.m. · 25 views

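OpenStack Heat CFN policy security bypass vulnerability

Bugtraq ID: 64243 CVE ID: CVE-2013-6426 OpenStack Heat is similar to Amazon's CloudFormation; it can define a template, based on policy, for situations that may occur. The default API policy enforcement in OpenStack Heat contains a security vulnerability: by calling the CreateStack or UpdateStack methods, an in-instance user can create or update stacks in conflict with the default policy. Setups that use Heat's cloudformation-compatible API are affected by this vulnerability. 0 OpenStack Heat 2013.x Vendor patch: OpenStack -----...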

4 CVSS · 0.3 AI score · 0.0103 EPSS
Exploits: 2