EUVD-2012-0020

Malware in sbrugna...

OpenStack Compute (Nova) Improper Input Validation

The 1 EC2 and 2 OS APIs in OpenStack Compute Nova Folsom 2012.2, Essex 2012.1, and Diablo 2011.3 do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restriction...

Design/Logic Flaw

The 1 EC2 and 2 OS APIs in OpenStack Compute Nova Folsom 2012.2, Essex 2012.1, and Diablo 2011.3 do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restriction...

Ubuntu: Security Advisory (USN-1466-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1466-1: Nova vulnerability

It was discovered that, when defining security groups in Nova using the EC2 or OS APIs, specifying the network protocol e.g. 'TCP' in the incorrect case would cause the security group to not be applied correctly. An attacker could use this to bypass Nova security group restrictions...