rhsa-2018_1593
Vulnerability from csaf_redhat
Published
2018-05-17 15:40
Modified
2024-11-14 23:42
Summary
Red Hat Security Advisory: Red Hat OpenStack Platform director security update
Notes
Topic
An update is now available for Red Hat OpenStack Platform 10.0 (Newton).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud based on Red Hat OpenStack Platform.
Security Fix(es):
* A resource-permission flaw was found in the python-tripleo and openstack-tripleo-heat-templates packages where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
To exploit this flaw, the attacker must have local access to an overcloud node. However by default, access to overcloud nodes is restricted and accessible only from the management undercloud server on an internal network. (CVE-2017-12155)
This issue was discovered by Katuya Kawakami (NEC).
* It was discovered that the memcached connections using UDP transport protocol can be abused for efficient traffic amplification distributed denial of service (DDoS) attacks. A remote attacker could send a malicious UDP request using a spoofed source IP address of a target system to memcached, causing it to send a significantly larger response to the target. (CVE-2018-1000115)
This advisory also addresses the following issues:
* This release adds support for deploying Dell EMC VMAX Block Storage backend using the Red Hat OpenStack Platform director. (BZ#1503896)
* Using composable roles for deploying Dell SC and PS Block Storage backend caused errors. The backends could only be deploying using 'cinder::config::cinder_config' hiera data.
With this update, the composable role support for deploying the Dell SC and PS Block Storage backends is updated. As a result, they can be now deployed using composable roles. (BZ#1552980)
* Previously, the iptables rules were managed by the Red Hat OpenStack Platform director and the OpenStack Networking service, which resulted in the rules created by the OpenStack Networking service to persist on to the disk. As a result, the rules that should not be loaded after an iptables restart or a system reboot would be loaded causing traffic issues.
With this update, the Red Hat OpenStack Platform director has been updated to exclude the OpenStack Networking rules from '/etc/sysconfig/iptables' when the director saves the firewall rules. As a result, iptables restart or a system reboot should work without causing traffic problems.
Note: It might be necessary to perform a rolling restart of the controller nodes to ensure that any orphaned managed neutron rules are no longer reloaded. (BZ#1541528)
* OS::TripleO::SwiftStorage::Ports* resources have been renamed to OS::TripleO::ObjectStorage::Port* to ensure standalone Object Storage nodes using the 'ObjectStorage' roles can be deployed correctly. Operators need to modify their custom templates that previously used OS::TripleO::SwiftStorage::Ports* settings. (BZ#1544802)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenStack Platform 10.0 (Newton).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud based on Red Hat OpenStack Platform.\n\nSecurity Fix(es):\n\n* A resource-permission flaw was found in the python-tripleo and openstack-tripleo-heat-templates packages where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. \n\nTo exploit this flaw, the attacker must have local access to an overcloud node. However by default, access to overcloud nodes is restricted and accessible only from the management undercloud server on an internal network. (CVE-2017-12155)\n\nThis issue was discovered by Katuya Kawakami (NEC).\n\n* It was discovered that the memcached connections using UDP transport protocol can be abused for efficient traffic amplification distributed denial of service (DDoS) attacks. A remote attacker could send a malicious UDP request using a spoofed source IP address of a target system to memcached, causing it to send a significantly larger response to the target. (CVE-2018-1000115)\n\nThis advisory also addresses the following issues:\n\n* This release adds support for deploying Dell EMC VMAX Block Storage backend using the Red Hat OpenStack Platform director. (BZ#1503896)\n\n* Using composable roles for deploying Dell SC and PS Block Storage backend caused errors. The backends could only be deploying using \u0027cinder::config::cinder_config\u0027 hiera data.\nWith this update, the composable role support for deploying the Dell SC and PS Block Storage backends is updated. As a result, they can be now deployed using composable roles. (BZ#1552980)\n\n* Previously, the iptables rules were managed by the Red Hat OpenStack Platform director and the OpenStack Networking service, which resulted in the rules created by the OpenStack Networking service to persist on to the disk. As a result, the rules that should not be loaded after an iptables restart or a system reboot would be loaded causing traffic issues. \nWith this update, the Red Hat OpenStack Platform director has been updated to exclude the OpenStack Networking rules from \u0027/etc/sysconfig/iptables\u0027 when the director saves the firewall rules. As a result, iptables restart or a system reboot should work without causing traffic problems. \nNote: It might be necessary to perform a rolling restart of the controller nodes to ensure that any orphaned managed neutron rules are no longer reloaded. (BZ#1541528)\n\n* OS::TripleO::SwiftStorage::Ports* resources have been renamed to OS::TripleO::ObjectStorage::Port* to ensure standalone Object Storage nodes using the \u0027ObjectStorage\u0027 roles can be deployed correctly. Operators need to modify their custom templates that previously used OS::TripleO::SwiftStorage::Ports* settings. (BZ#1544802)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1593",
"url": "https://access.redhat.com/errata/RHSA-2018:1593"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1414549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414549"
},
{
"category": "external",
"summary": "1489360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"
},
{
"category": "external",
"summary": "1503896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503896"
},
{
"category": "external",
"summary": "1514532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514532"
},
{
"category": "external",
"summary": "1514842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514842"
},
{
"category": "external",
"summary": "1517302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517302"
},
{
"category": "external",
"summary": "1533602",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533602"
},
{
"category": "external",
"summary": "1534540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534540"
},
{
"category": "external",
"summary": "1538753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538753"
},
{
"category": "external",
"summary": "1541528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541528"
},
{
"category": "external",
"summary": "1543883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543883"
},
{
"category": "external",
"summary": "1544211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544211"
},
{
"category": "external",
"summary": "1544802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544802"
},
{
"category": "external",
"summary": "1545666",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545666"
},
{
"category": "external",
"summary": "1547091",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547091"
},
{
"category": "external",
"summary": "1547957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547957"
},
{
"category": "external",
"summary": "1551182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551182"
},
{
"category": "external",
"summary": "1552980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552980"
},
{
"category": "external",
"summary": "1559093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559093"
},
{
"category": "external",
"summary": "1568596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568596"
},
{
"category": "external",
"summary": "1568601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568601"
},
{
"category": "external",
"summary": "1571840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571840"
},
{
"category": "external",
"summary": "1576577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576577"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1593.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform director security update",
"tracking": {
"current_release_date": "2024-11-14T23:42:51+00:00",
"generator": {
"date": "2024-11-14T23:42:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1593",
"initial_release_date": "2018-05-17T15:40:55+00:00",
"revision_history": [
{
"date": "2018-05-17T15:40:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-05-17T15:40:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:42:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 10.0",
"product": {
"name": "Red Hat OpenStack Platform 10.0",
"product_id": "7Server-RH7-RHOS-10.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:10::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"product": {
"name": "openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"product_id": "openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-tripleo-heat-templates@5.3.10-1.el7ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppet-tripleo-0:5.6.8-6.el7ost.src",
"product": {
"name": "puppet-tripleo-0:5.6.8-6.el7ost.src",
"product_id": "puppet-tripleo-0:5.6.8-6.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-tripleo@5.6.8-6.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"product": {
"name": "openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"product_id": "openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-tripleo-heat-templates@5.3.10-1.el7ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"product": {
"name": "puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"product_id": "puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-tripleo@5.6.8-6.el7ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch as a component of Red Hat OpenStack Platform 10.0",
"product_id": "7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch"
},
"product_reference": "openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-10.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src as a component of Red Hat OpenStack Platform 10.0",
"product_id": "7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src"
},
"product_reference": "openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-10.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-tripleo-0:5.6.8-6.el7ost.noarch as a component of Red Hat OpenStack Platform 10.0",
"product_id": "7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.noarch"
},
"product_reference": "puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-10.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-tripleo-0:5.6.8-6.el7ost.src as a component of Red Hat OpenStack Platform 10.0",
"product_id": "7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.src"
},
"product_reference": "puppet-tripleo-0:5.6.8-6.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-10.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Katuya Kawakami"
],
"organization": "NEC"
}
],
"cve": "CVE-2017-12155",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2017-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1489360"
}
],
"notes": [
{
"category": "description",
"text": "A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. \r\nTo exploit this flaw, the attacker must have local access to an overcloud node. However by default, access to overcloud nodes is restricted and accessible only from the management undercloud server on an internal network. Follow good security principles in your networking environment to ensure that network access is properly controlled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12155"
},
{
"category": "external",
"summary": "RHBZ#1489360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12155",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12155"
}
],
"release_date": "2017-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-05-17T15:40:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1593"
},
{
"category": "workaround",
"details": "To mitigate the flaw, use an overcloud post-deploy script[1] to do the following on all overcloud nodes:\n\nkey=/etc/ceph/ceph.client.openstack.keyring\nchown root:root $key\nchmod 600 $key\nsetfacl -m u:glance:r $key \nsetfacl -m u:cinder:r $key\nsetfacl -m u:nova:r $key\nsetfacl -m u: gnocchi:r $key\n\nIf not using Red Hat OpenStack Platform director, then run the commands above manually on each overcloud node, \nWarning: Only running \u0027chmod 600 $key\u0027 alone (without an ACL) will prevent OpenStack from reading the key.\n\n[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/11/html-single/advanced_overcloud_customization/#sect-Customizing_Overcloud_PostConfiguration_All",
"product_ids": [
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director"
},
{
"cve": "CVE-2018-1000115",
"discovery_date": "2018-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1551182"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the memcached connections using UDP transport protocol can be abused for efficient traffic amplification distributed denial of service (DDoS) attacks. A remote attacker could send a malicious UDP request using a spoofed source IP address of a target system to memcached, causing it to send a significantly larger response to the target.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "memcached: UDP server support allows spoofed traffic amplification DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of traffic amplification distributed denial of service (DDoS) attacks that take advantage of the insecurely configured memcached servers reachable from the public Internet. The default configuration of memcached as shipped in Red Hat products makes it possible to abuse them for these DDoS attacks if memcached is exposed to connections from the public Internet. Refer to the Red Hat Knowledgebase article 3369081 for instructions on how to properly secure memcached installations to prevent them from being used in the attack.\n\nhttps://access.redhat.com/solutions/3369081",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000115"
},
{
"category": "external",
"summary": "RHBZ#1551182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000115",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000115"
}
],
"release_date": "2018-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-05-17T15:40:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1593"
},
{
"category": "workaround",
"details": "Please refer to the Red Hat Knowledgebase article 3369081 for instructions on how to properly secure memcached installations to prevent them from being used in an attack.\n\nhttps://access.redhat.com/solutions/3369081",
"product_ids": [
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.noarch",
"7Server-RH7-RHOS-10.0:openstack-tripleo-heat-templates-0:5.3.10-1.el7ost.src",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.noarch",
"7Server-RH7-RHOS-10.0:puppet-tripleo-0:5.6.8-6.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "memcached: UDP server support allows spoofed traffic amplification DoS"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.