Bug 1018064 (CVE-2013-4767)

Summary: CVE-2013-4767 eucalyptus: Shell Injection Vulnerability on NC
Product: [Other] Security Response Reporter: Ratul Gupta <ratulg>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: agrimm, gholms, mspaulding06
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: eucalyptus 3.3.2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-24 15:40:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1018065    
Bug Blocks:    

Description Ratul Gupta 2013-10-11 06:43:59 UTC 
Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.

References:
http://www.security-database.com/detail.php?alert=CVE-2013-4767
http://osvdb.org/98180
http://www.eucalyptus.com/resources/security/advisories
Comment 1 Ratul Gupta 2013-10-11 06:44:46 UTC 
Created eucalyptus tracking bugs for this issue:

Affects: fedora-all [bug 1018065]
Comment 2 Kurt Seifried 2013-10-25 20:14:10 UTC 
Details have been release publicly: http://www.eucalyptus.com/resources/security/advisories/esa-14

OVERVIEW
------------

A vulnerability has been identified in Eucalyptus 3.0.0 through 3.3.1. An authenticated Eucalyptus user can execute potentially arbitrary shell commands with root privileges on Node Controller (NC) components. An update is now available that resolves this issue. We advise immediately updating all affected Eucalyptus installations.
Comment 4 Vincent Danen 2015-08-24 15:40:40 UTC 
Fedora no longer ships this it seems.