ESA-23: Sensitive Information in Eucalyptus Log Files


Eucalyptus Security Team

Aug 27, 2014, 1:36:54 PM
to security...@eucalyptus.com
ESA-23: Sensitive Information in Eucalyptus Log Files

====================================================================
Eucalyptus Security Advisory

Advisory ID: ESA-23
Issue Date: 2014-08-13
Last Updated: 2014-08-27
Severity Level: Low
Affected Versions: Eucalyptus 3.4.2 to 4.0.0
CVE Number: CVE-2014-5036
====================================================================

OVERVIEW
------------

A security issue has been identified in Eucalyptus 3.4.2 to 4.0.0 where security-sensitive data was written into a Eucalyptus log file. Eucalyptus clouds using Dell Equallogic SAN are affected. An update is now available in 4.0.1 that resolves this issue.


DESCRIPTION
-------------

On Eucalyptus installations using Dell Equallogic SAN, CHAP user credentials were written into the log files on the Storage Controller (SC) component. The SC logs are readable by any user who has access to the SC host. Knowledge of CHAP credentials could allow someone to gain limited access to a subset of Eucalyptus data on the SAN.

SOLUTION
-------------

Eucalyptus 4.0.1 resolves this issue. Please see http://www.eucalyptus.com/download/eucalyptus for instructions on downloading and upgrading to the latest Eucalyptus software.


CONTACT and HELP
-------------

Contact the Eucalyptus Security Team at secu...@eucalyptus.com.
