CVE-2011-0730 Information
Description
Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2 as used in Ubuntu Enterprise Cloud (UEC) and other products do not properly interpret signed elements in SOAP requests which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request related to an \XML Signature Element Wrapping\ or a \SOAP signature replay\ issue.
Reference
http://launchpadlibrarian.net/72472626/eucalyptus_2.0.12Bbzr1256-0ubuntu5_2.0.12Bbzr1256-0ubuntu6.diff.gz http://open.eucalyptus.com/wiki/esa-02 http://secunia.com/advisories/44705 http://www.securityfocus.com/bid/48000 http://www.ubuntu.com/usn/USN-1137-1 https://bugs.launchpad.net/bugs/746101 https://exchange.xforce.ibmcloud.com/vulnerabilities/67670 https://launchpad.net/ubuntu/+source/eucalyptus/+changelog
Share on: