Vulnerabilities > CVE-2015-7944 - Resource Management Errors vulnerability in Spi-Inc Ganeti
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Ganeti - Multiple Vulnerabilities. CVE-2015-7944,CVE-2015-7945. Dos exploits for multiple platform |
| file | exploits/multiple/dos/39169.pl |
| id | EDB-ID:39169 |
| last seen | 2016-02-04 |
| modified | 2016-01-05 |
| platform | multiple |
| port | |
| published | 2016-01-05 |
| reporter | Pierre Kim |
| source | https://www.exploit-db.com/download/39169/ |
| title | Ganeti - Multiple Vulnerabilities |
| type | dos |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-3431.NASL |
| description | Pierre Kim discovered two vulnerabilities in the restful API of Ganeti, a virtual server cluster management tool. SSL parameter negotiation could result in denial of service and the DRBD secret could leak. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 87739 |
| published | 2016-01-06 |
| reporter | This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/87739 |
| title | Debian DSA-3431-1 : ganeti - security update |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/135131/2016-ganeti-0x00.txt |
| id | PACKETSTORM:135131 |
| last seen | 2016-12-05 |
| published | 2016-01-05 |
| reporter | Pierre Kim |
| source | https://packetstormsecurity.com/files/135131/Ganeti-Denial-Of-Service-Information-Disclosure.html |
| title | Ganeti Denial Of Service / Information Disclosure |
References
- http://www.ocert.org/advisories/ocert-2015-012.html
- http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html
- http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7
- http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2
- http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2
- http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3
- http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6
- http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8
- http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8
- https://www.exploit-db.com/exploits/39169/
- http://www.debian.org/security/2016/dsa-3431