drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Eucalyptus
| Name: |
Ausführen beliebiger Kommandos in Eucalyptus |
|
| ID: |
USN-1137-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
| Datum: |
Do, 26. Mai 2011, 18:07 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0730 |
|
| Applikationen: |
Eucalyptus |
|
Originalnachricht |
--===============5258586194148991978==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature"; boundary="=-cyMFaZiQsBCYFnwd4sW2"
--=-cyMFaZiQsBCYFnwd4sW2
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1137-1
May 26, 2011
eucalyptus, rampart vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
An attacker could send crafted input to Eucalyptus to run commands as
a valid user.
Software Description:
- eucalyptus: Elastic Utility Computing Architecture
- rampart: Apache web services security engine
Details:
Juraj Somorovsky, Jorg Schwenk, Meiko Jensen and Xiaofeng Lou discovered
that Eucalyptus did not properly validate SOAP requests. An unauthenticated
remote attacker could exploit this to submit arbitrary commands to the
Eucalyptus SOAP interface in the context of an authenticated user.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
eucalyptus-cloud 2.0.1+bzr1256-0ubuntu4.1
librampart0 1.3.0-1ubuntu2.1
Ubuntu 10.10:
eucalyptus-cloud 2.0+bzr1241-0ubuntu4.2
librampart0 1.3.0-1ubuntu1.1
Ubuntu 10.04 LTS:
eucalyptus-cloud 1.6.2-0ubuntu30.5
librampart0 1.3.0-0ubuntu7.1
In general, a standard system update will make all the necessary changes.
References:
CVE-2011-0730
Package Information:
https://launchpad.net/ubuntu/+source/eucalyptus/2.0.1+bzr1256-0ubuntu4.1
https://launchpad.net/ubuntu/+source/rampart/1.3.0-1ubuntu2.1
https://launchpad.net/ubuntu/+source/eucalyptus/2.0+bzr1241-0ubuntu4.2
https://launchpad.net/ubuntu/+source/rampart/1.3.0-1ubuntu1.1
https://launchpad.net/ubuntu/+source/eucalyptus/1.6.2-0ubuntu30.5
https://launchpad.net/ubuntu/+source/rampart/1.3.0-0ubuntu7.1
--ÜyMFaZiQsBCYFnwd4sW2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJN3m0aAAoJEFHb3FjMVZVzAQEQAIGXT2bEQRVgaNGl5enabLZH
yA7lmHZ1NDU9ToNLW9mB2e5UbDJtxw+GYV+GYOPyoUHz57Gp5cEGve6zcXYMkTrz
roUqYskbKYp3onJK4+pivU4FOygqHaOrHw8RG7HbHT1EuhKP3w6fxwM92ouSRmmf
HGifTC1nF3Af1OsOFNNWtUR1ohodFyZItrW6pU3ij2rHGPgkYtJ3h2eGjVFhaKba
DRQMIY7brNtX+IrO9xw39IYFD8D7jLh5wSJTUGpGEt2+swId8y64pfOVjUmNOFUR
XTXg1QIy3w0GoF6c4So01T40cvVTZfZHmsAjkvBHnf5RL5hWQSXuy2U4WZ5vB02c
sCoSwBx8CRJSqxYsdl4q/d4RtYoVDLm8Ynt043LOjvAVe1F57WRZJBwxFdo8ibmt
Qk63LbykIn1AyZMF10tvb+zGe1nIN7no8kBC19ovJMKKSDHUq0Tp2Ids4U7Sj2Li
LME781NZz3YWHww9MkjjwwUfEG/M4JkRbi0LB0L1rn3Yp4srlVthV5NNvQ06HkSr
I4mpYSl/mSaUhVx2u9VJF+T3JWarMiGd8BJHr78lkq41Vph0se2A9L5XvcDdupM/
V6EilUOs1EGr+CLkxCXqrRZDeQkXFQzpVAOQk0sX0O1njOvehREKD2zJbUvM+zmw
s+WIJKJ7WJPnz3dLTk8t
=HYF9
-----END PGP SIGNATURE-----
--=-cyMFaZiQsBCYFnwd4sW2--
--===============5258586194148991978==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5258586194148991978==--
|
|
|
|
