CVE-2014-7960 - Resource Management Errors vulnerability in Openstack Swift

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.

Common Weakness Enumeration (CWE)

Nessus

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2704-1.NASL
description: Rajaneesh Singh discovered Swift does not properly enforce metadata limits. An attacker could abuse this issue to store more metadata than allowed by policy. (CVE-2014-7960) Clay Gerrard discovered Swift allowed users to delete the latest version of object regardless of object permissions when allow_version is configured. An attacker could use this issue to delete objects. (CVE-2015-1856). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85252
published: 2015-08-06
reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85252
title: Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : swift vulnerabilities (USN-2704-1)

Redhat

advisories
  • rhsa
    id: RHSA-2015:0835
  • rhsa
    id: RHSA-2015:0836
  • rhsa
    id: RHSA-2015:1495
rpms
  • openstack-swift-0:1.13.1-4.el7ost
  • openstack-swift-account-0:1.13.1-4.el7ost
  • openstack-swift-container-0:1.13.1-4.el7ost
  • openstack-swift-doc-0:1.13.1-4.el7ost
  • openstack-swift-object-0:1.13.1-4.el7ost
  • openstack-swift-proxy-0:1.13.1-4.el7ost
  • openstack-swift-0:1.13.1-4.el6ost
  • openstack-swift-account-0:1.13.1-4.el6ost
  • openstack-swift-container-0:1.13.1-4.el6ost
  • openstack-swift-doc-0:1.13.1-4.el6ost
  • openstack-swift-object-0:1.13.1-4.el6ost
  • openstack-swift-proxy-0:1.13.1-4.el6ost
  • augeas-0:1.0.0-10.el6
  • augeas-debuginfo-0:1.0.0-10.el6
  • augeas-devel-0:1.0.0-10.el6
  • augeas-libs-0:1.0.0-10.el6
  • ccs-0:0.16.2-81.el6
  • check-mk-0:1.2.6p1-3.el6rhs
  • check-mk-debuginfo-0:1.2.6p1-3.el6rhs
  • check-mk-livestatus-0:1.2.6p1-3.el6rhs
  • clufter-cli-0:0.11.2-1.el6
  • clufter-debuginfo-0:0.11.2-1.el6
  • clufter-lib-ccs-0:0.11.2-1.el6
  • clufter-lib-general-0:0.11.2-1.el6
  • clufter-lib-pcs-0:0.11.2-1.el6
  • cluster-cim-0:0.16.2-31.el6
  • cluster-debuginfo-0:3.0.12.1-73.el6
  • cluster-snmp-0:0.16.2-31.el6
  • clusterlib-0:3.0.12.1-73.el6
  • clusterlib-devel-0:3.0.12.1-73.el6
  • clustermon-debuginfo-0:0.16.2-31.el6
  • cman-0:3.0.12.1-73.el6
  • corosync-0:1.4.7-2.el6
  • corosync-debuginfo-0:1.4.7-2.el6
  • corosynclib-0:1.4.7-2.el6
  • corosynclib-devel-0:1.4.7-2.el6
  • ctdb2.5-0:2.5.5-7.el6rhs
  • ctdb2.5-debuginfo-0:2.5.5-7.el6rhs
  • fence-virt-0:0.2.3-19.el6
  • fence-virt-debuginfo-0:0.2.3-19.el6
  • fence-virtd-0:0.2.3-19.el6
  • fence-virtd-checkpoint-0:0.2.3-19.el6
  • fence-virtd-libvirt-0:0.2.3-19.el6
  • fence-virtd-multicast-0:0.2.3-19.el6
  • fence-virtd-serial-0:0.2.3-19.el6
  • gfs2-utils-0:3.0.12.1-73.el6
  • gluster-nagios-addons-0:0.2.4-4.el6rhs
  • gluster-nagios-addons-debuginfo-0:0.2.4-4.el6rhs
  • gluster-nagios-common-0:0.2.0-1.el6rhs
  • glusterfs-0:3.7.1-11.el5
  • glusterfs-0:3.7.1-11.el6
  • glusterfs-0:3.7.1-11.el6rhs
  • glusterfs-api-0:3.7.1-11.el5
  • glusterfs-api-0:3.7.1-11.el6
  • glusterfs-api-0:3.7.1-11.el6rhs
  • glusterfs-api-devel-0:3.7.1-11.el5
  • glusterfs-api-devel-0:3.7.1-11.el6
  • glusterfs-api-devel-0:3.7.1-11.el6rhs
  • glusterfs-cli-0:3.7.1-11.el5
  • glusterfs-cli-0:3.7.1-11.el6
  • glusterfs-cli-0:3.7.1-11.el6rhs
  • glusterfs-client-xlators-0:3.7.1-11.el5
  • glusterfs-client-xlators-0:3.7.1-11.el6
  • glusterfs-client-xlators-0:3.7.1-11.el6rhs
  • glusterfs-debuginfo-0:3.7.1-11.el5
  • glusterfs-debuginfo-0:3.7.1-11.el6
  • glusterfs-debuginfo-0:3.7.1-11.el6rhs
  • glusterfs-devel-0:3.7.1-11.el5
  • glusterfs-devel-0:3.7.1-11.el6
  • glusterfs-devel-0:3.7.1-11.el6rhs
  • glusterfs-fuse-0:3.7.1-11.el5
  • glusterfs-fuse-0:3.7.1-11.el6
  • glusterfs-fuse-0:3.7.1-11.el6rhs
  • glusterfs-ganesha-0:3.7.1-11.el6rhs
  • glusterfs-geo-replication-0:3.7.1-11.el6rhs
  • glusterfs-libs-0:3.7.1-11.el5
  • glusterfs-libs-0:3.7.1-11.el6
  • glusterfs-libs-0:3.7.1-11.el6rhs
  • glusterfs-rdma-0:3.7.1-11.el5
  • glusterfs-rdma-0:3.7.1-11.el6
  • glusterfs-rdma-0:3.7.1-11.el6rhs
  • glusterfs-server-0:3.7.1-11.el6rhs
  • gstatus-0:0.64-3.1.el6rhs
  • gstatus-debuginfo-0:0.64-3.1.el6rhs
  • libqb-0:0.17.1-1.el6
  • libqb-debuginfo-0:0.17.1-1.el6
  • libqb-devel-0:0.17.1-1.el6
  • libtalloc-0:2.1.1-4.el6rhs
  • libtalloc-debuginfo-0:2.1.1-4.el6rhs
  • libtalloc-devel-0:2.1.1-4.el6rhs
  • libvirt-debuginfo-0:0.10.2-54.el6
  • libvirt-lock-sanlock-0:0.10.2-54.el6
  • modcluster-0:0.16.2-31.el6
  • nagios-plugins-0:1.4.16-12.el6rhs
  • nagios-plugins-debuginfo-0:1.4.16-12.el6rhs
  • nagios-plugins-dummy-0:1.4.16-12.el6rhs
  • nagios-plugins-ide_smart-0:1.4.16-12.el6rhs
  • nagios-plugins-nrpe-0:2.15-4.1.el6rhs
  • nagios-plugins-ping-0:1.4.16-12.el6rhs
  • nagios-plugins-procs-0:1.4.16-12.el6rhs
  • nagios-server-addons-0:0.2.1-4.el6rhs
  • nfs-ganesha-0:2.2.0-5.el6rhs
  • nfs-ganesha-debuginfo-0:2.2.0-5.el6rhs
  • nfs-ganesha-gluster-0:2.2.0-5.el6rhs
  • nfs-ganesha-nullfs-0:2.2.0-5.el6rhs
  • nrpe-0:2.15-4.1.el6rhs
  • nrpe-debuginfo-0:2.15-4.1.el6rhs
  • openais-0:1.1.1-7.el6
  • openais-debuginfo-0:1.1.1-7.el6
  • openaislib-0:1.1.1-7.el6
  • openaislib-devel-0:1.1.1-7.el6
  • openstack-swift-0:1.13.1-4.el6ost
  • openstack-swift-account-0:1.13.1-4.el6ost
  • openstack-swift-container-0:1.13.1-4.el6ost
  • openstack-swift-doc-0:1.13.1-4.el6ost
  • openstack-swift-object-0:1.13.1-4.el6ost
  • openstack-swift-proxy-0:1.13.1-4.el6ost
  • pacemaker-0:1.1.12-8.el6
  • pacemaker-cli-0:1.1.12-8.el6
  • pacemaker-cluster-libs-0:1.1.12-8.el6
  • pacemaker-cts-0:1.1.12-8.el6
  • pacemaker-debuginfo-0:1.1.12-8.el6
  • pacemaker-doc-0:1.1.12-8.el6
  • pacemaker-libs-0:1.1.12-8.el6
  • pacemaker-libs-devel-0:1.1.12-8.el6
  • pacemaker-remote-0:1.1.12-8.el6
  • pcs-0:0.9.139-9.el6
  • pcs-debuginfo-0:0.9.139-9.el6
  • pnp4nagios-0:0.6.22-2.1.el6rhs
  • pnp4nagios-debuginfo-0:0.6.22-2.1.el6rhs
  • pynag-0:0.9.1-1.el6rhs
  • pynag-examples-0:0.9.1-1.el6rhs
  • pytalloc-0:2.1.1-4.el6rhs
  • pytalloc-devel-0:2.1.1-4.el6rhs
  • python-blivet-1:1.0.0.2-1.el6rhs
  • python-clufter-0:0.11.2-1.el6
  • python-cpopen-0:1.3-4.el6_5
  • python-cpopen-debuginfo-0:1.3-4.el6_5
  • python-eventlet-0:0.14.0-1.el6
  • python-eventlet-doc-0:0.14.0-1.el6
  • python-gluster-0:3.7.1-11.el5
  • python-gluster-0:3.7.1-11.el6
  • python-gluster-0:3.7.1-11.el6rhs
  • python-greenlet-0:0.4.2-1.el6
  • python-greenlet-debuginfo-0:0.4.2-1.el6
  • python-greenlet-devel-0:0.4.2-1.el6
  • python-keystoneclient-1:0.9.0-5.el6ost
  • python-keystoneclient-doc-1:0.9.0-5.el6ost
  • python-prettytable-0:0.7.2-1.el6
  • python-pyudev-0:0.15-2.el6rhs
  • redhat-storage-logos-0:60.0.20-1.el6rhs
  • redhat-storage-server-0:3.1.0.3-1.el6rhs
  • resource-agents-0:3.9.5-24.el6
  • resource-agents-debuginfo-0:3.9.5-24.el6
  • resource-agents-sap-0:3.9.5-24.el6
  • ricci-0:0.16.2-81.el6
  • ricci-debuginfo-0:0.16.2-81.el6
  • userspace-rcu-0:0.7.9-2.el6rhs
  • userspace-rcu-debuginfo-0:0.7.9-2.el6rhs
  • userspace-rcu-devel-0:0.7.9-2.el6rhs
  • vdsm-0:4.16.20-1.2.el6rhs
  • vdsm-cli-0:4.16.20-1.2.el6rhs
  • vdsm-debug-plugin-0:4.16.20-1.2.el6rhs
  • vdsm-debuginfo-0:4.16.20-1.2.el6rhs
  • vdsm-gluster-0:4.16.20-1.2.el6rhs
  • vdsm-hook-ethtool-options-0:4.16.20-1.2.el6rhs
  • vdsm-hook-faqemu-0:4.16.20-1.2.el6rhs
  • vdsm-hook-openstacknet-0:4.16.20-1.2.el6rhs
  • vdsm-hook-qemucmdline-0:4.16.20-1.2.el6rhs
  • vdsm-jsonrpc-0:4.16.20-1.2.el6rhs
  • vdsm-python-0:4.16.20-1.2.el6rhs
  • vdsm-python-zombiereaper-0:4.16.20-1.2.el6rhs
  • vdsm-reg-0:4.16.20-1.2.el6rhs
  • vdsm-tests-0:4.16.20-1.2.el6rhs
  • vdsm-xmlrpc-0:4.16.20-1.2.el6rhs
  • vdsm-yajsonrpc-0:4.16.20-1.2.el6rhs