NASLDB: Eucalyptus Walrus REST Interface Key Verification Authentication Bypass (ESA-03)
General
ID: 61611
Name: Eucalyptus Walrus REST Interface Key Verification Authentication Bypass (ESA-03)
Summary: Attempts to access a non-existent bucket with an unauthorized key
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:U/RC:C
Port: 8773
Family: CGI abuses
Type: Remote
Description
The version of Eucalyptus Walrus hosted on the remote web server
contains a flaw in the ‘WalrusComponentLoginModule’ class’s
‘authenticate’ method that allows a remote, unauthenticated attacker to
create, read, and write to buckets as an administrator.
When an affected Walrus instance receives a REST request, it processes
that request in the context of an administrative user and verifies that
the RSA signature in the ‘EucaSignature’ header matches the public key
from the X.509 certificate in the ‘EucaCert’ header. The issue is that
while the correlation between the certificate and the signature is
checked, no effort is made to ensure that the certificate is recognized
as trusted.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2012-3240
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/07/11
Patch Release: 2012/03/26
Plugin Release: 2012/08/21
Plugin
Version: 1.2
Filename: eucalyptus_esa03.nasl
Filesize: 7880 bytes
MD5 Hash: 91de16025b78bf9ec9d179714187eb37
Identification: –
Require Keys: www/eucalyptus_walrus
Dependencies: "eucalyptus_walrus_detect.nasl"
Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack