EUVD-2015-1953

Malware in sbrugna...

RHEL 7 : openstack-puppet-modules (RHSA-2017:0359)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:0359 advisory. openstack-puppet-modules provides a collection of Puppet modules which Red Hat OpenStack Platform director uses to install and configure OpenStack...

RHEL 6 : openstack-packstack and openstack-puppet-modules update (Important) (RHSA-2015:0832)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0832 advisory. PackStack is a command-line utility for deploying OpenStack on existing servers over an SSH connection. Deployment options are provided either...

RHSA-2015:0831 Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules update

Bulletin has no description...

RHSA-2015:0789 Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules security and bug fix update

Bulletin has no description...

RHSA-2017:0359 Red Hat Security Advisory: openstack-puppet-modules security update

Bulletin has no description...

RHSA-2017:0361 Red Hat Security Advisory: openstack-puppet-modules security update

Bulletin has no description...

Arbitrary Code Execution

openstack-puppet-modules is vulnerable to arbitrary code execution. A known default password is configured in the pcsd daemon, allowing an attacker to gain access to the daemon and execute arbitrary shell commands as root...

Moderate: Red Hat Security Advisory: openstack-puppet-modules security update

An update for openstack-puppet-modules is now available for Red Hat OpenStack Platform 9.0 Mitaka. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

Moderate: Red Hat Security Advisory: openstack-puppet-modules security update

An update for openstack-puppet-modules is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

SIMP - System Integrity Management Platform

SIMP is a framework that aims to provide a reasonable combination of security compliance and operational flexibility. The ultimate goal of the project is to provide a complete management environment focused on compliance with the various profiles in the SCAP Security Guide Project and industry be...

openstack-puppet-modules: pacemaker configured with default password

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root...

Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules update

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and adds one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security...

openstack-puppet-modules: pacemaker configured with default password

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root...

Red Hat openstack-puppet-modules trust management vulnerability

Red Hat openstack-puppet-modules is a Red Hat implementation of Puppet a configuration management tool based on a client/server architecture capable of configuring core OpenStack services. A security vulnerability in the puppet manifests in Red Hat openstack-puppet-modules versions prior to...

CVE-2015-1842

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

Default credentials

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

CVE-2015-1842

CVE-2015-1842 relates to Red Hat OpenStack modules where the puppet manifests in the openstack-puppet-modules package were configured with a known default password for the pcsd daemon (CHANGEME). If this password is not changed and an attacker can access pcsd remotely, they could execute arbitrar...

PT-2015-1274 · Openstack · Openstack Puppet Module

Name of the Vulnerable Software and Affected Versions: openstack-puppet-modules versions prior to 2014.2.13-2 Description: The issue concerns the use of a default password 'CHANGEME' for the pcsd daemon in the openstack-puppet-modules package. This allows remote attackers to execute arbitrary she...

Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules security and bug fix update

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...