Grant Murphy

**Name of the Vulnerable Software and Affected Versions** sosreport version 3.2 **Description** The issue allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive due to weak permissions for generated sosreport archives. **Recommendations** For sosreport version 3.2, consider restricting access to the /var/tmp/ directory to minimize the risk of exploitation until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Nagios Core versions 3.4.4, 3.5.1, and earlier **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie cache when MAGPIE CACHE ON is set to 1. This is related to the rss-newsfeed.php file. **Recommendations** For Nagios Core versions 3.4.4, 3.5.1, and earlier, consider disabling the MAGPIE CACHE ON feature to prevent symlink attacks until a patch is available. Restrict access to the /tmp/magpie cache directory to minimize the risk of exploitation. Avoid using the rss-newsfeed.php file with MAGPIE CACHE ON set to 1 until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions 2013.1.3 and earlier, Havana versions before havana-3 **Description** The issue allows remote attackers to cause a denial of service, resulting in resource consumption and crash, via an XML Entity Expansion (XEE) attack. This is due to an incomplete fix for a previous issue. **Recommendations** For OpenStack Compute (Nova) versions 2013.1.3 and earlier, update to a version that includes the complete fix for the issue. For Havana versions before havana-3, update to havana-3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenStack Cinder versions 2013.1.3 and earlier **Description** The issue affects the backup API (`api/contrib/backups.py`) and volume transfer API (`contrib/volume transfer.py`) in OpenStack Cinder, allowing remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. **Recommendations** For versions 2013.1.3 and earlier, consider disabling the backup and volume transfer APIs until a patch is available to prevent potential denial of service attacks. Restrict access to the `api/contrib/backups.py` and `contrib/volume transfer.py` modules to minimize the risk of exploitation.