CVE-2012-4066
Published: 8 March 2013
The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.
Notes
Author | Note |
---|---|
jdstrand | per upstream, 3.x only. Verified code-not-present on 10.04 LTS |
Priority
Status
Package | Release | Status |
---|---|---|
eucalyptus Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.1.2)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
Patches: upstream: https://github.com/eucalyptus/eucalyptus/commit/b8a99baed5d24b57fd7124905370f038dfe2c547 |