drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Eucalyptus
Name: |
Ausführen beliebiger Kommandos in Eucalyptus |
|
ID: |
USN-1137-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
Datum: |
Do, 26. Mai 2011, 18:07 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0730 |
|
Applikationen: |
Eucalyptus |
|
Originalnachricht |
--===============5258586194148991978== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-cyMFaZiQsBCYFnwd4sW2"
--=-cyMFaZiQsBCYFnwd4sW2 Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1137-1 May 26, 2011
eucalyptus, rampart vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS
Summary:
An attacker could send crafted input to Eucalyptus to run commands as a valid user.
Software Description: - eucalyptus: Elastic Utility Computing Architecture - rampart: Apache web services security engine
Details:
Juraj Somorovsky, Jorg Schwenk, Meiko Jensen and Xiaofeng Lou discovered that Eucalyptus did not properly validate SOAP requests. An unauthenticated remote attacker could exploit this to submit arbitrary commands to the Eucalyptus SOAP interface in the context of an authenticated user.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: eucalyptus-cloud 2.0.1+bzr1256-0ubuntu4.1 librampart0 1.3.0-1ubuntu2.1
Ubuntu 10.10: eucalyptus-cloud 2.0+bzr1241-0ubuntu4.2 librampart0 1.3.0-1ubuntu1.1
Ubuntu 10.04 LTS: eucalyptus-cloud 1.6.2-0ubuntu30.5 librampart0 1.3.0-0ubuntu7.1
In general, a standard system update will make all the necessary changes.
References: CVE-2011-0730
Package Information: https://launchpad.net/ubuntu/+source/eucalyptus/2.0.1+bzr1256-0ubuntu4.1 https://launchpad.net/ubuntu/+source/rampart/1.3.0-1ubuntu2.1 https://launchpad.net/ubuntu/+source/eucalyptus/2.0+bzr1241-0ubuntu4.2 https://launchpad.net/ubuntu/+source/rampart/1.3.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/eucalyptus/1.6.2-0ubuntu30.5 https://launchpad.net/ubuntu/+source/rampart/1.3.0-0ubuntu7.1
--ÜyMFaZiQsBCYFnwd4sW2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJN3m0aAAoJEFHb3FjMVZVzAQEQAIGXT2bEQRVgaNGl5enabLZH yA7lmHZ1NDU9ToNLW9mB2e5UbDJtxw+GYV+GYOPyoUHz57Gp5cEGve6zcXYMkTrz roUqYskbKYp3onJK4+pivU4FOygqHaOrHw8RG7HbHT1EuhKP3w6fxwM92ouSRmmf HGifTC1nF3Af1OsOFNNWtUR1ohodFyZItrW6pU3ij2rHGPgkYtJ3h2eGjVFhaKba DRQMIY7brNtX+IrO9xw39IYFD8D7jLh5wSJTUGpGEt2+swId8y64pfOVjUmNOFUR XTXg1QIy3w0GoF6c4So01T40cvVTZfZHmsAjkvBHnf5RL5hWQSXuy2U4WZ5vB02c sCoSwBx8CRJSqxYsdl4q/d4RtYoVDLm8Ynt043LOjvAVe1F57WRZJBwxFdo8ibmt Qk63LbykIn1AyZMF10tvb+zGe1nIN7no8kBC19ovJMKKSDHUq0Tp2Ids4U7Sj2Li LME781NZz3YWHww9MkjjwwUfEG/M4JkRbi0LB0L1rn3Yp4srlVthV5NNvQ06HkSr I4mpYSl/mSaUhVx2u9VJF+T3JWarMiGd8BJHr78lkq41Vph0se2A9L5XvcDdupM/ V6EilUOs1EGr+CLkxCXqrRZDeQkXFQzpVAOQk0sX0O1njOvehREKD2zJbUvM+zmw s+WIJKJ7WJPnz3dLTk8t =HYF9 -----END PGP SIGNATURE-----
--=-cyMFaZiQsBCYFnwd4sW2--
--===============5258586194148991978== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5258586194148991978==--
|
|
|
|