CVE-2012-3240
Priority
Medium
Description
The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote
attackers to gain administrator privileges via a crafted REST request.
attackers to gain administrator privileges via a crafted REST request.
References
Notes
jdstrand> Ubuntu 10.04 LTS is not affected
jdstrand> requires backporting of Partitonn and Partitions which is very
intrusive
jdstrand> upstream did not release patches for the 2.0 series, so I contacted
them for help (2012-08-17)
jdstrand> no response from upstream as of 2012-09-24
jdstrand> requires backporting of Partitonn and Partitions which is very
intrusive
jdstrand> upstream did not release patches for the 2.0 series, so I contacted
them for help (2012-08-17)
jdstrand> no response from upstream as of 2012-09-24
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (code not present) |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (3.1.0+deps-0precise1) |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Patches:
| Upstream: | https://github.com/eucalyptus/eucalyptus/commit/eb36703c0ba7225de03e15885d5ca12a3f917734 |
| Upstream: | https://github.com/eucalyptus/eucalyptus/commit/854ac92f6e15a00524729bef9af89f95cf34528d |