7 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-5303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata...
Ubuntu 14.04 LTS : OpenStack Nova vulnerability (USN-2325-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2325-1 advisory. Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy...
USN-2325-1 nova vulnerability
Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy metadata requests via Neutron, a remote authenticated attacker could exploit this to conduct timing attacks and ascertain configuration...
openstack-nova: timing attack issue allows access to other instances' configuration information
A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that...
DEBIAN-CVE-2014-3517
api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...
PT-2014-5368 · Openstack +1 · Openstack Compute +2
Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions prior to 2013.2.4 OpenStack Compute Nova versions 2014.x prior to 2014.1.2 OpenStack Compute Nova Juno versions prior to Juno-2 Description: The issue makes it easier for remote attackers to guess instance ID...
openstack-nova: timing attack issue allows access to other instances' configuration information
A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that...