62 matches found

NVD
added 2013/04/10 3:55 p.m., 6 views

CVE-2013-1815

A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications...

CVSS 6.1, AI score 6.2, EPSS 0.00058
Exploits: 1, References: 4

Prion
added 2013/04/10 3:55 p.m., 9 views

Design/Logic Flaw

PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file...

CVSS 4.4, AI score 6.7, EPSS 0.00058
Exploits: 1, References: 3, Affected Software: 1

ATTACKERKB
added 2013/04/10 3:55 p.m., 0 views

CVE-2013-1815

A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications...

CVSS 6.1, AI score 5.3, EPSS 0.00058
Exploits: 1, References: 5

Cvelist
added 2013/04/10 3:0 p.m., 17 views

CVE-2013-1815 Packstack: red hat openstack: packstack: unauthorized system modification via insecure answer file creation

A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications...

CVSS 6.1, AI score 6.2, EPSS 0.00058
Exploits: 1, References: 4

CVE
added 2013/04/10 3:0 p.m., 41 views

CVE-2013-1815

CVE-2013-1815 affects PackStack 2012.2.3 in Red Hat OpenStack Essex/Folsom, where the answer file could be created in insecure directories (e.g., /tmp or cwd), enabling local modification of deployed systems. The RHSA-2013:0671 advisory documents the fix: after the update, PackStack creates the a...

CVSS 6.1, AI score 5.3, EPSS 0.00058
Exploits: 1, References: 4, Affected Software: 3

Positive Technologies
added 2013/04/10 12:0 a.m., 2 views

PT-2013-3405

Name of the Vulnerable Software and Affected Versions: Red Hat OpenStack PackStack versions 2012.2.3. Description: The issue allows local users to modify deployed systems by changing the answer file, which can be created in insecure directories such as /tmp or the current working directory...

CVSS 6.1, AI score 5.8, EPSS 0.00058
Exploits: 1, References: 6

RedHat Linux
added 2013/03/21 6:13 p.m., 4 views

packstack: answerfile creation permissions issue

PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file...

CVSS 4.4, AI score 5.8, EPSS 0.00058
Exploits: 1, References: 4

RedHat Linux
added 2013/03/21 6:13 p.m., 25 views

Moderate: Red Hat Security Advisory: openstack-packstack security and bug fix update

An updated openstack-packstack package that fixes one security issue and several bugs is now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 4.4, AI score 5.8, EPSS 0.00058
Exploits: 1, References: 29

NVD
added 2013/03/08 9:55 p.m., 15 views

CVE-2013-0261

A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the /tmp directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption...

CVSS 8.8, AI score 6.4, EPSS 0.00117
Exploits: 0, References: 3

Prion
added 2013/03/08 9:55 p.m., 19 views

Code injection

(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allow local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

CVSS 4.4, AI score 6.8, EPSS 0.00117
Exploits: 0, References: 2

Prion
added 2013/03/08 9:55 p.m., 15 views

Design/Logic Flaw

manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files...

CVSS 2.1, AI score 6.7, EPSS 0.00035
Exploits: 0, References: 3

ATTACKERKB
added 2013/03/08 9:55 p.m., 0 views

CVE-2013-0266

A flaw was found in the puppetlabs-cinder module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the cinder.conf and api-paste.ini configuration files. A local user can exploit this by reading these files, which leads to...

CVSS 5.5, AI score 5.3, EPSS 0.00035
Exploits: 0, References: 5

ATTACKERKB
added 2013/03/08 9:55 p.m., 1 view

CVE-2013-0261

A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the /tmp directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption...

CVSS 8.8, AI score 5.4, EPSS 0.00117
Exploits: 0, References: 4

CVE
added 2013/03/08 9:0 p.m., 87 views

CVE-2013-0266

CVE-2013-0266 concerns the puppetlabs-cinder PackStack deployment: manifests/base.pp grants world-readable permissions to cinder.conf and api-paste.ini, enabling a local attacker to read OpenStack administrative passwords. Root cause: incorrect file permissions in these configuration files. Affec...

CVSS 5.5, AI score 5.3, EPSS 0.00035
Exploits: 0, References: 4, Affected Software: 2

CVE
added 2013/03/08 9:0 p.m., 56 views

CVE-2013-0261

CVE-2013-0261 concerns PackStack/openstack-packstack. A local attacker can exploit a symlink attack during manifest creation to overwrite arbitrary files in /tmp, potentially affecting files the invoking user can access and, per Red Hat advisory, could lead to denial of service and manipulation o...

CVSS 8.8, AI score 5.4, EPSS 0.00117
Exploits: 0, References: 3, Affected Software: 2

Cvelist
added 2013/03/08 9:0 p.m., 17 views

CVE-2013-0261 Packstack: packstack: arbitrary file overwrite via symlink attack

A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the /tmp directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption...

CVSS 8.8, AI score 6.4, EPSS 0.00117
Exploits: 0, References: 3

Cvelist
added 2013/03/08 9:0 p.m., 23 views

CVE-2013-0266 Puppetlabs-cinder: packstack: openstack: puppetlabs-cinder: information disclosure of openstack administrative passwords due to world-readable configuration files.

A flaw was found in the puppetlabs-cinder module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the cinder.conf and api-paste.ini configuration files. A local user can exploit this by reading these files, which leads to...

CVSS 5.5, AI score 6.3, EPSS 0.00035
Exploits: 0, References: 4

Positive Technologies
added 2013/03/08 12:0 a.m., 0 views

PT-2013-2196

Name of the Vulnerable Software and Affected Versions: PackStack, affected versions not specified. Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. This is due to vulnerabilities in two components: 1...

CVSS 8.8, AI score 5.9, EPSS 0.00117
Exploits: 0, References: 5

Positive Technologies
added 2013/03/08 12:0 a.m., 1 view

PT-2013-2200

Name of the Vulnerable Software and Affected Versions: puppetlabs-cinder module, affected versions not specified. Description: The issue concerns the puppetlabs-cinder module, which is used in PackStack. It allows local users to read OpenStack administrative passwords due to world-readable permission...

CVSS 5.5, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 6

RedHat Linux
added 2013/03/05 8:55 p.m., 1 view

packstack: insecure use of /tmp in manifest creation

(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allow local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

CVSS 4.4, AI score 5.8, EPSS 0.00117
Exploits: 0, References: 4