CVE-2014-7960 - Resource Management Errors vulnerability in OpenStack Swift
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.
Nessus
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-2704-1.NASL |
description | Rajaneesh Singh discovered Swift does not properly enforce metadata limits. An attacker could abuse this issue to store more metadata than allowed by policy. (CVE-2014-7960) Clay Gerrard discovered Swift allowed users to delete the latest version of object regardless of object permissions when allow_version is configured. An attacker could use this issue to delete objects. (CVE-2015-1856). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 85252 |
published | 2015-08-06 |
reporter | Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/85252 |
title | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : swift vulnerabilities (USN-2704-1) |
References
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html
- http://rhn.redhat.com/errata/RHSA-2015-0835.html
- http://rhn.redhat.com/errata/RHSA-2015-0836.html
- http://rhn.redhat.com/errata/RHSA-2015-1495.html
- http://www.openwall.com/lists/oss-security/2014/10/07/39
- http://www.openwall.com/lists/oss-security/2014/10/08/7
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.securityfocus.com/bid/70279
- http://www.ubuntu.com/usn/USN-2704-1
- https://bugs.launchpad.net/swift/+bug/1365350
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96901