OpenStack Swift XML File Handling Security Bypass Vulnerability

Vulnerability ID 1167360 Vulnerability type Code injection
Published 2013-06-13 Updated 2013-08-12
CVE ID CVE-2013-2161 CNNVD-ID CNNVD-201306-350
Platform N/A CVSS score 7.5
|Vulnerability sources
https://www.securityfocus.com/bid/60543
https://cxsecurity.com/issue/WLB-2013060113
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201306-350
|Vulnerability details
OpenStack is a cloud platform management project developed jointly by the US National Aeronautics and Space Administration (NASA) and the US company Rackspace. Swift (also known as Object Storage) is its storage project for persistent static data. An XML injection vulnerability exists in account/utils.py in OpenStack Swift Folsom, Grizzly and Havana. A remote attacker can exploit this vulnerability via an account name to trigger invalid or forged Swift responses.
|Vulnerability EXP
OpenStack Security Advisory: 2013-016
CVE: CVE-2013-2161
Date: June 13, 2013
Title: Unchecked user input in Swift XML responses
Reporter: Alex Gaynor (Rackspace)
Products: Swift
Affects: All versions

Description:
Alex Gaynor from Rackspace reported a vulnerability in XML handling
within Swift account servers. Account strings were unescaped in XML
listings, and an attacker could potentially generate unparsable or
arbitrary XML responses which may be used to leverage other
vulnerabilities in the calling software.

Havana (development branch) fix:
https://review.openstack.org/32905

Grizzly fix:
https://review.openstack.org/32909

Folsom fix:
https://review.openstack.org/32911

Notes:
This fix will be included in the next release.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2161
https://bugs.launchpad.net/swift/+bug/1183884
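The advisory above describes account strings being written into XML listings without escaping. The following Python example, added here and not taken from Swift or the advisory, uses a simplified stand-in for an account listing (an `<account name="...">` root with `<container><name>` children; the real Swift format is not reproduced) to show the two outcomes the advisory names: a caller-controlled name that leaves the response unparsable, and one that forges extra XML structure. The `hardened_listing` function applies the standard fix (escaping text and attribute values), and `parse_listing` is the kind of consumer-side check a calling program can use to reject malformed responses. All account and container names in the demo are constructed.

```python
# Added example: simplified stand-in for the unescaped-XML-listing bug class
# described in OSSA 2013-016. Not Swift's code; the <account>/<container>
# layout and all sample names are assumptions constructed for this demo.
from xml.etree import ElementTree as ET
from xml.sax.saxutils import escape


def vulnerable_listing(account, containers):
    """Interpolates caller-controlled names straight into XML (the bug class)."""
    body = "".join(f"<container><name>{c}</name></container>" for c in containers)
    return f'<account name="{account}">{body}</account>'


def hardened_listing(account, containers):
    """Escapes '&', '<', '>' in text content and additionally '"' in the
    attribute value, so names can never change the document structure."""
    safe_account = escape(account, {'"': "&quot;"})
    body = "".join(f"<container><name>{escape(c)}</name></container>" for c in containers)
    return f'<account name="{safe_account}">{body}</account>'


def parse_listing(xml_text):
    """Consumer-side check: return (root attributes, container names), or
    None when the response is not well-formed XML and must be rejected."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    names = [el.findtext("name") for el in root.findall("container")]
    return dict(root.attrib), names


if __name__ == "__main__":
    # Constructed inputs: one name breaks well-formedness, one forges a
    # second <container>, one injects an attribute on the root element.
    broken = "a<b"
    forged = "x</name></container><container><name>injected"
    attr_inject = 'acct" admin="1'

    print("vulnerable, broken name:", parse_listing(vulnerable_listing("acct", [broken])))
    print("hardened,   broken name:", parse_listing(hardened_listing("acct", [broken])))
    print("vulnerable, forged name:", parse_listing(vulnerable_listing("acct", [forged])))
    print("hardened,   forged name:", parse_listing(hardened_listing("acct", [forged])))
    print("vulnerable, attr inject:", parse_listing(vulnerable_listing(attr_inject, [])))
    print("hardened,   attr inject:", parse_listing(hardened_listing(attr_inject, [])))
```

Running the demo shows the vulnerable builder returning `None` (unparsable) for the first name, two containers where one was supplied for the second, and an extra `admin` attribute for the third, while the hardened builder round-trips every name as a literal string. The fix in the advisory is the same idea applied to Swift's own listing code: escape every caller-controlled string before it enters the XML.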
|Affected products
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
|References

Source: bugs.launchpad.net
Link: https://bugs.launchpad.net/swift/+bug/1183884
Source: MLIST
Name: [oss-security] 20130613 [OSSA 2013-016] Unchecked user input in Swift XML responses (CVE-2013-2161)
Link: http://www.openwall.com/lists/oss-security/2013/06/13/4
Source: DEBIAN
Name: DSA-2737
Link: http://www.debian.org/security/2012/dsa-2737
Source: REDHAT
Name: RHSA-2013:0993
Link: http://rhn.redhat.com/errata/RHSA-2013-0993.html
Source: SUSE
Name: openSUSE-SU-2013:1146
Link: http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html
Source: BID
Name: 60543
Link: http://www.securityfocus.com/bid/60543