CVE-2015-7944

Published: 18/08/2017 Updated: 08/09/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti prior to 2.9.7, 2.10.x prior to 2.10.8, 2.11.x prior to 2.11.8, 2.12.x prior to 2.12.6, 2.13.x prior to 2.13.3, 2.14.x prior to 2.14.2, and 2.15.x prior to 2.15.2, when used in SSL mode, allows remote malicious users to cause a denial of service (resource consumption) via SSL parameter renegotiation.

Vulnerable Product

spi-inc ganeti 2.15.0

spi-inc ganeti 2.14.0

spi-inc ganeti 2.13.1

spi-inc ganeti 2.12.3

spi-inc ganeti 2.12.4

spi-inc ganeti 2.10.0

spi-inc ganeti 2.10.6

spi-inc ganeti 2.10.7

spi-inc ganeti 2.11.4

spi-inc ganeti 2.11.5

spi-inc ganeti 2.14.1

spi-inc ganeti 2.13.0

spi-inc ganeti 2.12.0

spi-inc ganeti 2.10.1

spi-inc ganeti 2.10.2

spi-inc ganeti 2.10.3

spi-inc ganeti 2.11.0

spi-inc ganeti 2.11.1

spi-inc ganeti

spi-inc ganeti 2.15.1

spi-inc ganeti 2.13.2

spi-inc ganeti 2.12.5

spi-inc ganeti 2.11.6

spi-inc ganeti 2.11.7

spi-inc ganeti 2.12.1

spi-inc ganeti 2.12.2

spi-inc ganeti 2.10.4

spi-inc ganeti 2.10.5

spi-inc ganeti 2.11.2

spi-inc ganeti 2.11.3

Vendor Advisories

Debian Bug report logs - #809537 ganeti: CVE-2015-7944: DoS. Package: src:ganeti; Maintainer for src:ganeti is Debian Ganeti Team <ganeti@packages.debian.org>; Reported by: Antoine Beaupré <anarcat@debian.org>; Date: Thu, 31 Dec 2015 21:12:01 UTC; Severity: important; Tags: security, upstream; Found in versions ganeti/2 ...

Pierre Kim discovered two vulnerabilities in the RESTful API of Ganeti, a virtual server cluster management tool. SSL parameter negotiation could result in denial of service, and the DRBD secret could leak. For the oldstable distribution (wheezy), these problems have been fixed in version 2.5.2-1+deb7u1. For the stable distribution (jessie), these p ...

Exploits

=begin
## Advisory Information
Title: Ganeti Security Advisory (DoS, Unauthenticated Info Leak)
Advisory URL: pierrekim.github.io/advisories/2016-ganeti-0x00.txt
Blog URL: pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html
Date published: 2016-01-05
Vendors contacted: Google, MITRE
Organization contacted: Riseup
Release ...

Ganeti suffers from unauthenticated information disclosure and denial of service vulnerabilities ...