SB2017051903 - Two vulnerabilities in Red Hat OpenStack
Published: May 19, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2017-2621)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4:
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper security restrictions on the /var/log/heat directory. A local attacker can navigate to the /var/log/heat directory and gain access to important data such as log files.
Successful exploitation of the vulnerability results in information disclosure on the target system.
2) Authentication bypass (CVE-ID: CVE-2017-2637)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote unauthenticated attacker to bypass authentication on a targeted system.
The weakness exists due to the improper authentication and encryption standards that are set by default when the libvirtd component is deployed by the affected software. A remote attacker create a TCP connection to a compute host IP address, gain unauthorized access to the system that may allow to gain control of the host.
Successful exploitation of the vulnerability results in unauthorized access to the system.
Remediation
Install update from vendor's website.