Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0162

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2014-0162
Last Modified 05 Jun 2014 12:28:46
Published 27 Apr 2014 04:55:23
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-0162

Summary

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.

Vulnerable Systems

Application

  • Openstack Icehouse Rc-1

  • Openstack Image Registry And Delivery Service %28glance%29 2013.2

  • Openstack Image Registry And Delivery Service %28glance%29 2013.2.1

  • Openstack Image Registry And Delivery Service %28glance%29 2013.2.2

  • Openstack Image Registry And Delivery Service %28glance%29 2013.2.3


References

CONFIRM - https://launchpad.net/bugs/1298698

MLIST - [oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)

UBUNTU - USN-2193-1

REDHAT - RHSA-2014:0455


Last Updated: 27 May 2016 11:05:06