ESA-10: Missing Authorization Vulnerability in Walrus

Eucalyptus Security Team

Apr 16, 2013, 12:41:01 PM
to security...@eucalyptus.com

ESA-10: Missing Authorization Vulnerability in Walrus

====================================================================
Eucalyptus Security Advisory

Advisory ID: ESA-10
Date: 2013-04-16
Severity Level: Low
Affected Versions: Eucalyptus 3.2.1 and earlier
CVE Number: CVE-2013-2296
====================================================================

OVERVIEW
------------

A security vulnerability has been identified in the way Walrus was
handling authorization for some operations on buckets in Eucalyptus
3.2.1 and earlier. An update is now available that resolves this
issue. We advise updating all affected Eucalyptus installations
following the instructions below.

DESCRIPTION
-------------

Walrus is a storage service included with Eucalyptus. A flaw was
identified in the way Walrus checks authorization for some operations
on buckets. As a result, an authenticated user does not require
authorization to enable logging and versioning on buckets and
could potentially get access to activity logs for that bucket.

SOLUTION
-------------

Eucalyptus version 3.2.2 resolves this issue.
Please see http://www.eucalyptus.com/download/eucalyptus
for instructions on downloading and upgrading to the latest
Eucalyptus software.

CONTACT and HELP
-------------

Contact the Eucalyptus Security Team at secu...@eucalyptus.com.


