PT-2012-5994 · Amazon+1 · Amazon Ec2+1
Kurt Seifried · Published 2012-12-26 · Updated 2017-08-29
·
CVE-2012-5483
CVSS v2.0: 2.1 (Low)
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Keystone version 2012.1.3
Description
The issue allows local users to obtain access to EC2 services by reading administrative access and secret values from the /etc/keystone/ec2rc file due to its world-readable permissions when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured.
Recommendations
For OpenStack Keystone version 2012.1.3, consider changing the permissions of the /etc/keystone/ec2rc file to restrict read access to authorized users only, until a patch is available.
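One way to check for and apply the interim mitigation above, as an added example that is not part of the advisory or of OpenStack's own tooling. The function names are hypothetical, and removing only the "other" permission bits is an assumption, since the advisory does not say which owner or group should keep access.

```shell
#!/bin/sh
# Added example: audit and tighten the mode of Keystone's ec2rc file.
# The default path is the one named in the advisory; pass a different
# path as the first argument to try the functions on a scratch file.

EC2RC_DEFAULT=/etc/keystone/ec2rc

# Returns 0 if "other" holds any of r/w/x on the file,
# 1 if it holds none, 2 if the file does not exist.
is_exposed_to_others() {
    f=$1
    [ -e "$f" ] || return 2
    # find prints the path only when one of the "other" bits is set.
    if [ -n "$(find "$f" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
        return 0
    fi
    return 1
}

# Removes every "other" permission bit; owner and group bits are untouched.
# Assumption: the file's current owner and group are the authorized readers.
restrict_others() {
    chmod o-rwx "$1"
}

# Reports the state of the file; returns 1 only when it is exposed.
audit_ec2rc() {
    f=${1:-$EC2RC_DEFAULT}
    rc=0
    is_exposed_to_others "$f" || rc=$?
    case $rc in
        0) echo "EXPOSED: $f is accessible to all local users"; return 1 ;;
        1) echo "OK: $f is not accessible to other users"; return 0 ;;
        *) echo "SKIP: $f not found"; return 0 ;;
    esac
}
```

If `audit_ec2rc` reports the file as exposed, the EC2 access and secret values in it should also be treated as disclosed and rotated, since tightening the mode does not undo earlier reads.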
Affected products
Amazon EC2
OpenStack Keystone