CVE-2011-0730

Priority
High
Description
Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu
Enterprise Cloud (UEC) and other products, do not properly interpret signed
elements in SOAP requests, which allows man-in-the-middle attackers to
execute arbitrary commands by modifying a request, related to an "XML
Signature Element Wrapping" or a "SOAP signature replay" issue.
References
Bugs
Notes
jdstrand> aka 'SOAP interfaces vulnerable to XML Signature Element Wrapping
attacks'
jdstrand> new rampart version needed to support correct verification of SOAP
requests from eucalyptus-2.0.3-src-deps.tar.gz
Assigned-to
Daviey
Package
Upstream: released (1.3.0-0euca2)
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): released (1.3.0-0ubuntu7.1)
Ubuntu 11.04 (Natty Narwhal): released (1.3.0-1ubuntu2.1)
Ubuntu 11.10 (Oneiric Ocelot): released (1.3.0-1ubuntu3)
Package
Upstream: released (2.0.3)
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): released (1.6.2-0ubuntu30.5)
Ubuntu 11.04 (Natty Narwhal): released (2.0.1+bzr1256-0ubuntu4.1)
Ubuntu 11.10 (Oneiric Ocelot): released (2.0.1+bzr1256-0ubuntu6)
More Information


Updated: 2012-06-01 15:21:51 UTC (commit 5347)