CVE-2012-4066

Priority
Medium
Description
The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier
does not require signatures for unspecified request headers, which allows
attackers to (1) delete or (2) upload snapshots.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4066
https://eucalyptus.atlassian.net/browse/EUCA-3112
Notes
jdstrand> per upstream, 3.x only. Verified code-not-present on 10.04 LTS
Package
Source: eucalyptus (LP Ubuntu Debian)
Upstream:released (3.1.2)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.10 (Oneiric Ocelot):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.04 (Raring Ringtail):DNE
Patches:
Upstream:https://github.com/eucalyptus/eucalyptus/commit/b8a99baed5d24b57fd7124905370f038dfe2c547
More Information

Valid XHTML 1.0 Strict

Updated: 2013-04-25 17:15:05 UTC (commit 6757)