Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31454
HistoryDec 01, 2014 - 12:00 a.m.

[USN-2405-1] OpenStack Cinder vulnerabilities

2014-12-0100:00:00
vulners.com
12
JSON

==========================================================================
Ubuntu Security Notice USN-2405-1
November 11, 2014

cinder vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary:

OpenStack Cinder could be made to expose sensitive information over the
network.

Software Description:

  • cinder: OpenStack storage service

Details:

Duncan Thomas discovered that OpenStack Cinder did not properly track the
file format when using the GlusterFS of Smbfs drivers. A remote
authenticated user could exploit this to potentially obtain file contents
from the compute host. (CVE-2014-3641)

Amrith Kumar discovered that OpenStack Cinder did not properly sanitize log
message contents. Under certain circumstances, a local attacker with read
access to Cinder log files could obtain access to sensitive information.
(CVE-2014-7230)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
python-cinder 1:2014.1.3-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2405-1
CVE-2014-3641, CVE-2014-7230

Package Information:
https://launchpad.net/ubuntu/+source/cinder/1:2014.1.3-0ubuntu1.1

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

openvas 2
ubuntu 2
nessus 4
debiancve 2
cve 2
prion 2
veracode 2
securityvulns 2
ubuntucve 2
redhat 3
freebsd 1
github 1
fedora 1
osv 1
openvas
openvas
Ubuntu Update for cinder USN-2405-1
2014-11-12 00:00:00
Ubuntu Update for nova USN-2407-1
2014-11-12 00:00:00
ubuntu
ubuntu
OpenStack Cinder vulnerabilities
2014-11-11 00:00:00
OpenStack Nova vulnerabilities
2014-11-11 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : OpenStack Cinder vulnerabilities (USN-2405-1)
2014-11-12 00:00:00
FreeBSD : py-cinder -- data leak (f4a94232-7864-4afb-bbf9-ff2dc8e288d1)
2023-04-14 00:00:00
Fedora 21 : openstack-cinder-2014.1.3-1.fc21 (2014-12417)
2014-11-03 00:00:00
debiancve
debiancve
CVE-2014-7230
2014-10-08 19:55:00
CVE-2014-3641
2014-10-08 19:55:00
cve
cve
CVE-2014-7230
2014-10-08 19:55:00
CVE-2014-3641
2014-10-08 19:55:00
prion
prion
Design/Logic Flaw
2014-10-08 19:55:00
Design/Logic Flaw
2014-10-08 19:55:00
veracode
veracode
Information Disclosure
2019-01-15 09:03:13
Information Disclosure
2019-01-15 09:02:56
securityvulns
securityvulns
OpenStack multiple security vulnerabilities
2014-12-01 00:00:00
[USN-2407-1] OpenStack Nova vulnerabilities
2014-12-01 00:00:00
ubuntucve
ubuntucve
CVE-2014-7230
2014-10-08 00:00:00
CVE-2014-3641
2014-10-08 00:00:00
redhat
redhat
(RHSA-2014:1787) Moderate: openstack-cinder security and bug fix update
2014-11-03 08:33:04
(RHSA-2014:1788) Moderate: openstack-cinder security and bug fix update
2014-11-03 08:33:15
(RHSA-2014:1939) Low: openstack-trove security update
2014-12-02 16:42:21
freebsd
freebsd
py-cinder -- data leak
2022-05-17 00:00:00
github
github
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
2022-05-17 04:21:11
fedora
fedora
[SECURITY] Fedora 21 Update: openstack-cinder-2014.1.3-1.fc21
2014-11-01 16:52:05
osv
osv
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
2022-05-17 04:21:11
JSON
Related for SECURITYVULNS:DOC:31454
openvas2ubuntu2nessus4debiancve2cve2prion2veracode2securityvulns2ubuntucve2redhat3freebsd1github1fedora1osv1