Design/Logic Flaw

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors...

CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service memory consumption and crash via multiple long requests...

Design/Logic Flaw

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...

Default configuration

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid...

Default configuration

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

CVE-2014-0041

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, is affected. The issue arises when heat-templates configures Yum repositories with sslverify set to false, effectively disabling SSL verification and allowing man-in-the-middle attackers to inte...

CVE-2013-6470

The CVE-2013-6470 entry concerns the default configuration of the standalone controller quickstack manifest in openstack-foreman-installer used with Red Hat Enterprise Linux OpenStack Platform 4.0. The root cause is that the Qpid service is configured without authentication by default, allowing r...

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

CVE-2014-0040

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download 1 packages and 2 signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...

CVE-2014-0042

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors...

CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service memory consumption and crash via multiple long requests...

CVE-2013-6433

The CVE-2013-6433 issue affects the Red Hat openstack-neutron package: its default configuration prior to 2013.2.3-7 does not properly set a rootwrap configuration file, enabling privilege escalation by an attacker via a crafted config. The impact is privilege escalation with network-exposed vect...

CVE-2013-2014

OpenStack Identity (Keystone) prior to version 2013.1 is affected. The issue allows remote attackers to cause a denial of service by sending multiple long requests, leading to memory consumption and a crash. This is the stated impact in the CVE description. Remediation suggested in the related en...

CVE-2014-0040

CVE-2014-0040 affects OpenStack Heat Templates (heat-templates) as used in Red Hat OpenStack Platform 4.0. The root cause is HTTP downloads of packages and signing keys via Yum, enabling MITM attackers to block or tamper updates. Red Hat’s RHSA-2014:0579 fixes this (and related CVEs 0041, 0042) b...

CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service memory consumption and crash via multiple long requests...

CVE-2014-0041

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...

CVE-2014-0042

CVE-2014-0042 affects OpenStack Heat Templates (heat-templates) as used in Red Hat Enterprise Linux OpenStack Platform 4.0. The issue is that certain heat templates disable GPG signature checking by setting gpgcheck=0, allowing potential MITM-style package tampering during downloads. Red Hat’s RH...

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

UBUNTU-CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

PT-2014-3447 · Red Hat +1 · Yum +2

Name of the Vulnerable Software and Affected Versions: OpenStack Heat Templates heat-templates as used in Red Hat Enterprise Linux OpenStack Platform version 4.0 Description: The issue allows man-in-the-middle attackers to prevent updates via unspecified vectors, as OpenStack Heat Templates uses ...