Описание
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
A vulnerability was discovered in the OpenStack Orchestration service (heat), where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 8 (Liberty) | openstack-heat | Affected | ||
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | openstack-heat | Fixed | RHSA-2016:0440 | 14.03.2016 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | openstack-heat | Fixed | RHSA-2016:0441 | 14.03.2016 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | openstack-heat | Fixed | RHSA-2016:0442 | 14.03.2016 |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | openstack-heat | Fixed | RHSA-2016:0266 | 18.02.2016 |
Показывать по
Дополнительная информация
Статус:
6.8 Medium
CVSS2
Связанные уязвимости
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
The template-validate command in OpenStack Orchestration API (Heat) be ...
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
6.8 Medium
CVSS2