CVE-2012-2654

Published: 21/06/2012 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote malicious users to bypass intended access restrictions.

Vulnerable Product

openstack diablo 2011.3

openstack compute 2012.2

openstack essex 2012.1

Vendor Advisories

Debian Bug report logs - #676465 CVE-2012-2654
Package: nova; Maintainer for nova is Debian OpenStack <team+openstack@tracker.debian.org>
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Thu, 7 Jun 2012 07:24:02 UTC
Severity: grave
Tags: security
Fixed in version nova/20121-6
Done: Loic Dachary ...
Nova could be prevented from applying security group policy ...