EUVD-2014-8018

Malware in sbrugna...

Remote Code Execution (RCE)

swiftonfile is vulnerable to remote code execution. A flaw was found in the way swiftonfile gluster-swift serialized and stored metadata on disk by using Python's pickle module. A remote, authenticated user could use this flaw to execute arbitrary code on the storage node...

Design/Logic Flaw

The Red Hat gluster-swift package, as used in Red Hat Gluster Storage formerly Red Hat Storage Server, allows remote authenticated users to bypass the maxmetacount constraint via multiple crafted requests which exceed the limit when combined...

CVE-2014-8177

CVE-2014-8177 affects Red Hat Gluster Storage’s OpenStack Swift component (gluster-swift). The issue allows remote authenticated users to bypass the max_meta_count constraint by issuing multiple crafted requests that cumulatively exceed the configured limit, enabling excess metadata storage. Root...

gluster-swift metadata constraints are not correctly enforced

A flaw was found in the metadata constraints in Red Hat Gluster Storage's OpenStack Object Storage swiftonfile. By adding metadata in several separate calls, a malicious user could bypass the maxmetacount constraint, and store more metadata than allowed by the configuration...

Important: Red Hat Security Advisory: python-keystoneclient security update

Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...