ESA-13: Unauthorized Access to CC/NC Log Files

Eucalyptus Security Team

Sep 11, 2013, 12:45:19 PM
to security...@eucalyptus.com

====================================================================
Eucalyptus Security Advisory

Advisory ID:                  ESA-13
Issue  Date:                  2013-08-27
Last Updated:               2013-09-11
Severity Level:              Moderate
Affected Versions:        Eucalyptus 3.3.0 and earlier
CVE Number:                CVE-2013-4766
====================================================================

OVERVIEW
------------

A vulnerability has been identified in Eucalyptus 3.3.0 and earlier. An anonymous/unauthenticated user could gain access to the log files of the Cluster Controller (CC) and Node Controller (NC) components. An update is now available that resolves this issue.


DESCRIPTION
-------------

A flaw was identified in the implementation of the gather log service on both the CC and the NC. An unauthenticated user with remote access to a CC or an NC could retrieve the component’s log files. This could lead to disclosure of information internal to the Eucalyptus cloud.

 
SOLUTION
-------------

Eucalyptus version 3.3.1 resolves this issue.  Please see
downloading and upgrading to the latest Eucalyptus software.



CONTACT and HELP
-------------

Contact the Eucalyptus Security Team at secu...@eucalyptus.com.
