Vulnerabilities > CVE-2015-7944 - Resource Management Errors vulnerability in Spi-Inc Ganeti

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
spi-inc
CWE-399
nessus
exploit available

Summary

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.

Vulnerable Configurations

Part Description Count
Application
Spi-Inc
164

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionGaneti - Multiple Vulnerabilities. CVE-2015-7944,CVE-2015-7945. Dos exploits for multiple platform
fileexploits/multiple/dos/39169.pl
idEDB-ID:39169
last seen2016-02-04
modified2016-01-05
platformmultiple
port
published2016-01-05
reporterPierre Kim
sourcehttps://www.exploit-db.com/download/39169/
titleGaneti - Multiple Vulnerabilities
typedos

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-3431.NASL
descriptionPierre Kim discovered two vulnerabilities in the restful API of Ganeti, a virtual server cluster management tool. SSL parameter negotiation could result in denial of service and the DRBD secret could leak.
last seen2020-06-01
modified2020-06-02
plugin id87739
published2016-01-06
reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/87739
titleDebian DSA-3431-1 : ganeti - security update

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/135131/2016-ganeti-0x00.txt
idPACKETSTORM:135131
last seen2016-12-05
published2016-01-05
reporterPierre Kim
sourcehttps://packetstormsecurity.com/files/135131/Ganeti-Denial-Of-Service-Information-Disclosure.html
titleGaneti Denial Of Service / Information Disclosure