PT-2014-3447 · Red Hat · Red Hat Enterprise Linux Openstack Platform
Published: 2014-06-02 · Updated: 2023-02-13
CVE-2014-0040
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
OpenStack Heat Templates (heat-templates) as used in Red Hat Enterprise Linux OpenStack Platform version 4.0
Description
OpenStack Heat Templates uses an HTTP connection to download packages and signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.
Recommendations
For Red Hat Enterprise Linux OpenStack Platform version 4.0, consider switching to HTTPS connections for downloading packages and signing keys from Yum repositories to prevent man-in-the-middle attacks. As a temporary workaround, restrict access to the Yum repositories to minimize the risk of exploitation.
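One way to check existing repository definitions for the cleartext downloads described above (an added example, not code from this advisory or from Red Hat; the repo ids and hostnames in the sample are constructed):

```python
import configparser

# Keys in a yum .repo section that name a download location.
URL_KEYS = ("baseurl", "mirrorlist", "metalink", "gpgkey")

# Constructed sample of a .repo file; ids and hosts are placeholders.
SAMPLE = """\
[example-base]
name=Example base
baseurl=http://mirror.example.test/el6/$basearch/
        https://mirror2.example.test/el6/$basearch/
gpgkey=http://mirror.example.test/RPM-GPG-KEY-example
enabled=1

[example-secure]
name=Example secure
baseurl=https://mirror.example.test/secure/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[example-disabled]
baseurl=http://mirror.example.test/old/
enabled=0
"""

def audit_repo_config(text):
    """Return sorted (repo_id, key, url) findings for plain-HTTP URLs."""
    # interpolation=None keeps yum variables such as $basearch literal.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = []
    for repo_id in parser.sections():
        repo = parser[repo_id]
        if repo.get("enabled", "1").strip() == "0":
            continue  # repository is switched off in this file
        for key in URL_KEYS:
            # One key may list several URLs on continuation lines.
            for url in repo.get(key, "").split():
                if url.lower().startswith("http://"):
                    findings.append((repo_id, key, url))
    return sorted(findings)

if __name__ == "__main__":
    for repo_id, key, url in audit_repo_config(SAMPLE):
        print(f"[{repo_id}] {key} uses plain HTTP: {url}")
```

To audit a host, pass the contents of each file under /etc/yum.repos.d/ to `audit_repo_config`.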
Affected Products
Openstack Heat Templates
Red Hat Enterprise Linux Openstack Platform
Yum