PT-2012-5181 · Eucalyptus Systems · Eucalyptus

Published

2012-10-01

Updated

2012-10-02

CVE-2012-4064

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Eucalyptus versions prior to 3.1.1

Description The issue allows remote authenticated users to gain privileges by sending a message to certain components with a modified user id. This is due to the improper restriction of the binding of external SOAP web-services messages. The components affected include Cloud Controller and Walrus, where messages can be sent with the internal message format and a modified user id.

Recommendations For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-4064

Affected Products

Eucalyptus

PT-2012-5181 · Eucalyptus Systems · Eucalyptus

CVE-2012-4064

Weakness Enumeration

Related Identifiers

Affected Products

References · 2