Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0730

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2011-0730
Last Modified 14 Jun 2011 12:00:00
Published 02 Jun 2011 03:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-0730

Summary

Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.

Vulnerable Systems

Application

  • Canonical Ubuntu Enterprise Cloud

  • Eucalyptus 1.0

  • Eucalyptus 1.1

  • Eucalyptus 1.2

  • Eucalyptus 1.3

  • Eucalyptus 1.4

  • Eucalyptus 1.5.1

  • Eucalyptus 1.5.2

  • Eucalyptus 1.6.2

  • Eucalyptus 2.0

  • Eucalyptus 2.0.0

  • Eucalyptus 2.0.1

  • Eucalyptus 2.0.2


References

CONFIRM - https://launchpad.net/ubuntu/+source/eucalyptus/+changelog

CONFIRM - http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz

CONFIRM - https://bugs.launchpad.net/bugs/746101

XF - eucalyptus-soap-command-execution(67670)

UBUNTU - USN-1137-1

BID - 48000

SECUNIA - 44705

CONFIRM - http://open.eucalyptus.com/wiki/esa-02


Last Updated: 27 May 2016 10:56:02