Channel: SecStack » Release
Browsing all 12 articles

CVE-2012-5571 : EC2-style credentials invalidation issue

OpenStack Security Advisory: 2012-018 CVE: CVE-2012-5571 Date: November 28, 2012 Title: EC2-style credentials invalidation issue Reporter: Vijaya Erukala Products: Keystone Affects: All versions...




CVE-2012-5625 : Information leak in libvirt LVM-backed instances

This is something of a repeat, as OpenStack has gotten caught before not cleaning out reusable memory locations, as has Amazon. But it’s always annoying to see a vulnerability that has previously bit...


CVE-2013-0208 : Boot from volume allows access to random volumes

OpenStack Security Advisory: 2013-001 CVE: CVE-2013-0208 Date: January 29, 2013 Title: Boot from volume allows access to random volumes Reporter: Phil Day (HP) Products: Nova Affects: Essex, Folsom...


CVE-2013-0212 : Backend password leak in Glance error message

OpenStack Security Advisory: 2013-002 CVE: CVE-2013-0212 Date: January 29, 2013 Title: Backend password leak in Glance error message Reporter: Dan Prince (Red Hat) Products: Glance Affects: All...


CVE-2013-0247 : Keystone denial of service through invalid token requests

OpenStack Security Advisory: 2013-003 CVE: CVE-2013-0247 Date: February 5, 2013 Title: Keystone denial of service through invalid token requests Reporter: Dan Prince (Red Hat) Products: Keystone...



Auto Complete in Login Fields of Horizon

Description: Basically, the Horizon authentication form has autocomplete enabled by default. This is considered a security risk by most. A discussion popped up on the list suggesting a fix, and it was...


CVE-2013-0282 : Keystone EC2-style authentication accepts disabled user/tenants

* Interesting to note this vulnerability was reported by the NSA. OpenStack Security Advisory: 2013-005 CVE: CVE-2013-0282 Date: February 19, 2013 Keystone EC2-style authentication accepts disabled...


CVE-2013-1664, CVE-2013-1665 : Information leak and Denial of Service using...

OpenStack Security Advisory: 2013-004 CVE: CVE-2013-1664, CVE-2013-1665 Date: February 19, 2013 Title: Information leak and Denial of Service using XML entities Reporter: Jonathan Murray (NCC Group),...



CVE-2013-0335 : VNC proxy can connect to the wrong VM

OpenStack Security Advisory: 2013-006 CVE: CVE-2013-0335 Date: February 26, 2013 Title: VNC proxy can connect to the wrong VM Reporter: Loganathan Parthipan (HP), Rohit Karajgi (NTT Data) Products:...


Havana!

SecStack in Havana: I am just back from Summit, where I ran into a bunch of wonderful folks both new and old. OpenStack is getting awesome. The security front is about to get REALLY interesting. HP,...


Shmoocon Talk On-Line

This is my talk from Shmoocon in February. Sort of an intro to the structure of OpenStack (at that time Folsom) with an eye towards providing auditors a map to find the areas they want to test....


OpenStack Security Guide ( OFFICIAL ) Released

This is a little behind the curve, but several OSSG members and developers met up in Atlanta, Georgia to do a book sprint on writing up a security hardening guide for OpenStack. I’ve read through it...
