CVE-2012-4406

OpenStack Swift prior to 1.7.0 is vulnerable: it uses the pickle loads function to serialize/deserialize metadata in memcached, enabling remote code execution via a crafted pickle object. Public advisories (RHSA-2012:1379) note that a fix exists but is not enabled by default; remediation involves...

CVE-2012-4406

OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...

CVE-2012-4406

OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...

PT-2012-5379 · Memcached +2 · Memcached +2

Name of the Vulnerable Software and Affected Versions: OpenStack Object Storage swift versions prior to 1.7.0 Description: The issue allows remote attackers to execute arbitrary code via a crafted pickle object. This is due to the unsafe use of the loads function in the pickle Python module when...

CVE-2012-4406

OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...

Fedora Update for openstack-swift FEDORA-2012-15642

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for openstack-swift FEDORA-2012-15642

Check for the Version of openstack-swift OpenVAS Vulnerability Test Fedora Update for openstack-swift FEDORA-2012-15642 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

[SECURITY] Fedora 17 Update: openstack-swift-1.4.8-3.fc17

OpenStack Object Storage swift aggregates commodity servers to work toget her in clusters for reliable, redundant, and large-scale storage of static obje cts. Objects are written to multiple hardware devices in the data center, with t he OpenStack software responsible for ensuring data replicatio...

Fedora 17 : openstack-swift-1.4.8-3.fc17 (2012-15642)

Do not use pickle for serialization in memcache CVE-2012-4406 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Low: Red Hat Security Advisory: python-django-horizon security update

Updated python-django-horizon packages that fix one security issue are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

OpenStack-Horizon: Open redirect through 'next' parameter

Open redirect vulnerability in views/authforms.py in OpenStack Dashboard Horizon Essex 2012.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by...

Openstack-Swift: insecure use of python pickle()

OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...

Important: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

2012.1.1: fails to raise Unauthorized user error for disabled tenant

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant...

Important: Red Hat Security Advisory: openstack-keystone security update

Updated openstack-keystone packages that fix multiple security issues are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

2012.1.1: fails to validate tokens in Admin API

The 1 OS-KSADM/services and 2 tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services...

Keystone: Lack of authorization for adding users to tenants

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

OpenStack-Keystone: role revocation token issues

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

CVE-2012-4457

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant...

DEBIAN-CVE-2012-4456

The 1 OS-KSADM/services and 2 tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services...