Thierry Carrez

**Name of the Vulnerable Software and Affected Versions** OpenStack Keystone versions Essex 2012.1.3 and earlier OpenStack Keystone versions Folsom 2012.2.3 and earlier OpenStack Keystone versions Grizzly grizzly-2 and earlier **Description** The issue allows remote attackers to cause a denial of service, specifically disk consumption, by sending many invalid token requests. This triggers the excessive generation of log entries. **Recommendations** For OpenStack Keystone versions Essex 2012.1.3 and earlier, update to a version later than 2012.1.3 to resolve the issue. For OpenStack Keystone versions Folsom 2012.2.3 and earlier, update to a version later than 2012.2.3 to resolve the issue. For OpenStack Keystone versions Grizzly grizzly-2 and earlier, update to a version later than grizzly-2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions 2012.1.x through 2012.1.1 OpenStack Compute (Nova) versions Folsom through Folsom-2 **Description** The issue allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. This problem exists due to an incomplete fix. **Recommendations** For OpenStack Compute (Nova) versions 2012.1.x through 2012.1.1, update to version 2012.1.2 or later. For OpenStack Compute (Nova) versions Folsom through Folsom-2, update to Folsom-3 or later. As a temporary workaround, consider restricting access to the `virt/disk/api.py` module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: dnsmasq version 2.25 Description: The issue allows remote attackers to cause a denial of service, resulting in the daemon crashing. This can be achieved by either renewing a nonexistent lease or sending a DHCPREQUEST for an IP address that is not in the same network. The problem is related to the DHCP NAK response from the daemon. Recommendations: For dnsmasq version 2.25, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MPlayer version 1.0pre7try2 Description: The issue concerns multiple integer overflows that can be triggered by remote attackers, leading to a denial of service and potentially heap-based buffer overflows. This can occur through two main vectors: (1) a specially crafted ASF file that, when handled by the asfheader.c component, causes the `asf descrambling` function to receive a negative integer after a char to int conversion, or (2) an AVI file with specifically crafted values for `wLongsPerEntry` or `nEntriesInUse` in the indx chunk, handled in aviheader.c. Recommendations: For MPlayer version 1.0pre7try2, consider updating to a newer version that addresses these integer overflows, as using outdated versions may expose users to denial of service and buffer overflow risks. As a temporary workaround, consider restricting the handling of ASF and AVI files until a patch is available.

Name of the Vulnerable Software and Affected Versions: Apache2::Request (Libapreq2) versions prior to 2.07 Description: The issue is related to an unspecified vulnerability in the `apreq parse headers` and `apreq parse urlencoded` functions. This vulnerability allows remote attackers to cause a denial of service by consuming CPU resources via unknown attack vectors, resulting in quadratic computational complexity. Recommendations: For versions prior to 2.07, update to version 2.07 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Clam AntiVirus (ClamAV) versions prior to 0.87 **Description** The issue is related to a buffer overflow in the libclamav/upx.c component of Clam AntiVirus. This allows remote attackers to execute arbitrary code by providing a crafted UPX packed executable. **Recommendations** For versions prior to 0.87, update to version 0.87 or later to resolve the issue.