Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: openstack-cinder security update

Updated openstack-cinder packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

OpenStack: Swift Denial of Service using superfluous object tombstones

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service "superfluous" tombstone consumption and Swift cluster slowdown via a DELETE request with a timestamp that is older than expected...

Important: Red Hat Security Advisory: Foreman security update

Updated Foreman packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...

OpenStack Swift 远程拒绝服务漏洞(CVE-2013-4155)

Bugtraq ID:61690 CVE ID:CVE-2013-4155 OpenStack Swift是OpenStack开源云计算项目的子项目之一,被称为对象存储,提供了强大的扩展性、冗余和持久性 OpenStack Swift存在一个安全漏洞，通过提交包含旧的X-Timestamp值的请求，通过验证的攻击者可把多余对象tombstone填充到对象服务器中，可明显减缓对该对象服务器的请求，对Swift集群进行拒绝服务攻击 0 OpenStack Swift 厂商解决方案 用户可参考如下厂商提供的安全补丁以修复该漏洞： Havana development branch fix:...

OpenStack Cinder 信息泄漏漏洞(CVE-2013-4183)

Bugtraq ID:61689 CVE ID:CVE-2013-4183 OpenStack Cinder是为Openstack提供块存储的功能 OpenStack Cinder LVM卷驱动存在一个安全漏洞，当配置了安全删除secure delete时LVM快照内容可能没有正确删除清除，可导致这些数据泄漏给之后租此服务器的租户 0 OpenStack Cinder 厂商解决方案 用户可参考如下厂商提供的安全补丁以修复该漏洞： Havana development branch fix: https://review.openstack.org/36506 Grizzly fix:...

Fedora Update for python-keystoneclient FEDORA-2013-13900

Check for the Version of python-keystoneclient OpenVAS Vulnerability Test Fedora Update for python-keystoneclient FEDORA-2013-13900 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

CVE-2013-4261

OpenStack Compute Nova Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service connection pool consumption, as demonstrated using multiple requests that send...

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This Metasploit module exploits a mass assignment vulnerability in the create action of users controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier by creating an arbitrary administrator account. For this exploit to work, your account must have createusers permission...

Foreman (RedHat OpenStack/Satellite) - users/create Mass Assignment (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...

[SECURITY] Fedora 18 Update: python-keystoneclient-0.2.0-2.fc18

Client library and command line utility for interacting with Openstack Keystone's API...

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...

CVE-2013-2161

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name...

CVE-2013-2161

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name...

CVE-2013-2157

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

CVE-2013-4155

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service "superfluous" tombstone consumption and Swift cluster slowdown via a DELETE request with a timestamp that is older than expected...

DEBIAN-CVE-2013-2157

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

CVE-2013-4155

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service "superfluous" tombstone consumption and Swift cluster slowdown via a DELETE request with a timestamp that is older than expected...

DEBIAN-CVE-2013-4155

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service "superfluous" tombstone consumption and Swift cluster slowdown via a DELETE request with a timestamp that is older than expected...

CVE-2013-2157

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...