OVAL Reference oval:org.mitre.oval:def:27770

CVE-2014-3641)Amrith Kumar discovered that OpenStack Cinder did not properly sanitize logmessage contents. Under certain circumstances, a local attacker with readaccess to Cinder log files could obtain access to sensitive information.(CVE-2014-7230)"> OVAL Reference oval:org.mitre.oval:def:27770 - CERT Civis.Net

Oval Definition:

oval:org.mitre.oval:def:27770

Revision Date:	2014-12-29	Version:	3
Title:	USN-2405-1 -- OpenStack Cinder vulnerabilities
Description:	Duncan Thomas discovered that OpenStack Cinder did not properly track thefile format when using the GlusterFS of Smbfs drivers. A remoteauthenticated user could exploit this to potentially obtain file contentsfrom the compute host. (CVE-2014-3641)Amrith Kumar discovered that OpenStack Cinder did not properly sanitize logmessage contents. Under certain circumstances, a local attacker with readaccess to Cinder log files could obtain access to sensitive information.(CVE-2014-7230)
Family:	unix	Class:	patch
Status:	ACCEPTED	Reference(s):	CVE-2014-3641 CVE-2014-7230 USN-2405-1
Platform(s):	Ubuntu 14.04	Product(s):	cinder
Definition Synopsis
Ubuntu 14.04 is installed AND python-cinder is earlier than 1:2014.1.3-0ubuntu1.1

BACK