Vulnerability Name:

CVE-2011-0730 (CCN-67670)

Assigned:2011-05-25
Published:2011-05-25
Updated:2018-11-29
Summary:Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.
CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-0730

Source: CONFIRM
Type: Patch, Third Party Advisory
http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz

Source: CCN
Type: ESA-02
SOAP interfaces vulnerable to XML Signature Element Wrapping attacks

Source: CONFIRM
Type: Vendor Advisory
http://open.eucalyptus.com/wiki/esa-02

Source: SECUNIA
Type: Third Party Advisory
44705

Source: CCN
Type: OSVDB ID: 73259
Eucalyptus SOAP Request Signed Element MiTM Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 73462
Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass

Source: BID
Type: Third Party Advisory, VDB Entry
48000

Source: CCN
Type: BID-48000
Eucalyptus SOAP Interface Remote Arbitrary Command Injection Vulnerability

Source: UBUNTU
Type: Third Party Advisory
USN-1137-1

Source: CONFIRM
Type: Third Party Advisory
https://bugs.launchpad.net/bugs/746101

Source: XF
Type: Third Party Advisory, VDB Entry
eucalyptus-soap-command-execution(67670)

Source: XF
Type: UNKNOWN
eucalyptus-soap-command-execution(67670)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://launchpad.net/ubuntu/+source/eucalyptus/+changelog

Vulnerable Configuration:Configuration 1:
  • cpe:/a:eucalyptus:eucalyptus:*:*:*:*:enterprise:*:*:* (Version < 2.0.2)
  • OR cpe:/a:eucalyptus:eucalyptus:*:*:*:*:*:*:*:* (Version < 2.0.3)

  • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:eucalyptus:eucalyptus:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:eucalyptus:eucalyptus:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:eucalyptus:eucalyptus:2.0.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:20751
    P
    USN-1137-1 -- eucalyptus, rampart vulnerability
    2014-07-07
    BACK
    eucalyptus eucalyptus *
    eucalyptus eucalyptus *
    canonical ubuntu linux 10.04
    canonical ubuntu linux 10.10
    canonical ubuntu linux 11.04
    eucalyptus eucalyptus 2.0.0
    eucalyptus eucalyptus 2.0.1
    eucalyptus eucalyptus 2.0.2