CVE Vulnerabilities

CVE-2012-4064

Published: Oct 01, 2012 | Modified: Oct 02, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id.

Affected Software

Name Vendor Start Version End Version
Eucalyptus Eucalyptus * 3.1.0 (including)
Eucalyptus Eucalyptus 1.0 (including) 1.0 (including)
Eucalyptus Eucalyptus 1.1 (including) 1.1 (including)
Eucalyptus Eucalyptus 1.2 (including) 1.2 (including)
Eucalyptus Eucalyptus 1.3 (including) 1.3 (including)
Eucalyptus Eucalyptus 1.4 (including) 1.4 (including)
Eucalyptus Eucalyptus 1.5.1 (including) 1.5.1 (including)
Eucalyptus Eucalyptus 1.5.2 (including) 1.5.2 (including)
Eucalyptus Eucalyptus 1.6 (including) 1.6 (including)
Eucalyptus Eucalyptus 1.6.2 (including) 1.6.2 (including)
Eucalyptus Eucalyptus 2.0 (including) 2.0 (including)
Eucalyptus Eucalyptus 2.0.0 (including) 2.0.0 (including)
Eucalyptus Eucalyptus 2.0.1 (including) 2.0.1 (including)
Eucalyptus Eucalyptus 2.0.2 (including) 2.0.2 (including)
Eucalyptus Eucalyptus 2.0.3 (including) 2.0.3 (including)
Eucalyptus Eucalyptus 3.0 (including) 3.0 (including)
Eucalyptus Eucalyptus 3.0.1 (including) 3.0.1 (including)
Eucalyptus Eucalyptus 3.1.1 (including) 3.1.1 (including)
Eucalyptus Ubuntu lucid *
Eucalyptus Ubuntu natty *
Eucalyptus Ubuntu oneiric *
Eucalyptus Ubuntu precise *
Eucalyptus Ubuntu upstream *

References